[PULL 0/5] Target-info update for 2026-05-12

[PULL 0/5] Target-info update for 2026-05-12

[Pierrick Bouvier]

The following changes since commit 5e61afe211e82a9af15a8794a0bd29bb574e953b:

  Merge tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging (2026-05-11 10:49:53 -0400)

are available in the Git repository at:

  https://gitlab.com/p-b-o/qemu tags/pbouvier/pr/target_info-20260512

for you to fetch changes up to 0fc2022c6331c5d5bdd9060c73d067abba3f5515:

  target-info: replace target_info() in system-mode (2026-05-12 11:29:18 -0700)

----------------------------------------------------------------
Changes:
- [PATCH v6 0/5] single-binary: deduplicate target_info() (Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>)
  Link: https://lore.kernel.org/qemu-devel/20260512150208.1167711-1-pierrick.bouvier@oss.qualcomm.com

----------------------------------------------------------------
Pierrick Bouvier (5):
      qom/object: register OBJECT and INTERFACE QOM types before main
      qom/object: initialize type_table in static ctor with fundamental QOM types
      target-info: introduce TargetInfo in QOM
      target-info-qom: detect target from QOM
      target-info: replace target_info() in system-mode

 configs/targets/aarch64-softmmu.c |  6 ++---
 configs/targets/arm-softmmu.c     |  6 ++---
 include/qemu/module.h             |  1 +
 include/qemu/target-info-init.h   | 53 +++++++++++++++++++++++++++++++++++++++
 include/qemu/target-info-qom.h    | 30 ++++++++++++++++++++++
 qom/object.c                      | 22 +++++-----------
 system/vl.c                       |  4 +++
 target-info-qom.c                 | 45 +++++++++++++++++++++++++++++++++
 target-info-stub.c                |  6 ++---
 9 files changed, 145 insertions(+), 28 deletions(-)
 create mode 100644 include/qemu/target-info-init.h
 create mode 100644 include/qemu/target-info-qom.h

[PULL 1/5] qom/object: register OBJECT and INTERFACE QOM types before main

[Pierrick Bouvier]

Those types are special, as they are the base of all other QOM types. In
next commit, we'll introduce an extra step in module initialization for
target-info-* types.

However, those types depend on TYPE_OBJECT, which is only registered
at MODULE_INIT_QOM step.

To avoid having to introduce another step, and modify all code calling
module_call_init(MODULE_INIT_QOM), we simply register those base types
directly in the static constructor, before anything else.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20260512150208.1167711-2-pierrick.bouvier@oss.qualcomm.com
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>
---
 qom/object.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/qom/object.c b/qom/object.c
index 59fd79738d2..b82b65a3a18 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -2844,7 +2844,7 @@ static void object_class_init(ObjectClass *klass, const void *data)
                                   NULL);
 }
 
-static void register_types(void)
+static void __attribute__((constructor)) register_types(void)
 {
     static const TypeInfo interface_info = {
         .name = TYPE_INTERFACE,
@@ -2862,5 +2862,3 @@ static void register_types(void)
     type_interface = type_register_internal(&interface_info);
     type_register_internal(&object_info);
 }
-
-type_init(register_types)
-- 
2.43.0

[PULL 2/5] qom/object: initialize type_table in static ctor with fundamental QOM types

[Pierrick Bouvier]

This saves us having to check if it's initialized everytime we have to
access it. No other QOM type should be initialized or accessed during
static ctor calls, so we don't depend on their ordering.

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20260512150208.1167711-3-pierrick.bouvier@oss.qualcomm.com
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>
---
 qom/object.c | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/qom/object.c b/qom/object.c
index b82b65a3a18..dfdc5c8e424 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -76,28 +76,19 @@ struct TypeImpl
 
 static Type type_interface;
 
-static GHashTable *type_table_get(void)
-{
-    static GHashTable *type_table;
-
-    if (type_table == NULL) {
-        type_table = g_hash_table_new(g_str_hash, g_str_equal);
-    }
-
-    return type_table;
-}
+static GHashTable *type_table;
 
 static bool enumerating_types;
 
 static void type_table_add(TypeImpl *ti)
 {
     assert(!enumerating_types);
-    g_hash_table_insert(type_table_get(), (void *)ti->name, ti);
+    g_hash_table_insert(type_table, (void *)ti->name, ti);
 }
 
 static TypeImpl *type_table_lookup(const char *name)
 {
-    return g_hash_table_lookup(type_table_get(), name);
+    return g_hash_table_lookup(type_table, name);
 }
 
 static TypeImpl *type_new(const TypeInfo *info)
@@ -1069,7 +1060,7 @@ void object_class_foreach(void (*fn)(ObjectClass *klass, void *opaque),
     OCFData data = { fn, implements_type, include_abstract, opaque };
 
     enumerating_types = true;
-    g_hash_table_foreach(type_table_get(), object_class_foreach_tramp, &data);
+    g_hash_table_foreach(type_table, object_class_foreach_tramp, &data);
     enumerating_types = false;
 }
 
@@ -2859,6 +2850,7 @@ static void __attribute__((constructor)) register_types(void)
         .abstract = true,
     };
 
+    type_table = g_hash_table_new(g_str_hash, g_str_equal);
     type_interface = type_register_internal(&interface_info);
     type_register_internal(&object_info);
 }
-- 
2.43.0

[PULL 3/5] target-info: introduce TargetInfo in QOM

[Pierrick Bouvier]

For the single-binary, we want to be able to retrieve at runtime the
current target among the different ones available.
A consequence is that we can't rely on existing target_info() definition
since it will create a conflict once more than one target is available.

To solve this, we add TargetInfo in QOM, with this hierarchy.
We define one class "target-info-X" per target, that inherits from
abstract class "target-info". Using concrete vs abstract class ensure we
can easily filter "target-info-X" from all QOM types.
Associated TargetInfo is directly set through class initialization,
without relying on any instance.

For user mode, we simply define target_info() like it was done
previously. In this patch, we keep the same definition for system-mode
also, and it will be replaced in next commits.

We will introduce detection of target from QOM, so we need to make sure
those types are registered early.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20260512150208.1167711-4-pierrick.bouvier@oss.qualcomm.com
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>
---
 configs/targets/aarch64-softmmu.c |  6 ++--
 configs/targets/arm-softmmu.c     |  6 ++--
 include/qemu/module.h             |  1 +
 include/qemu/target-info-init.h   | 58 +++++++++++++++++++++++++++++++
 include/qemu/target-info-qom.h    | 28 +++++++++++++++
 system/vl.c                       |  2 ++
 target-info-qom.c                 | 24 +++++++++++++
 target-info-stub.c                |  6 ++--
 8 files changed, 119 insertions(+), 12 deletions(-)
 create mode 100644 include/qemu/target-info-init.h
 create mode 100644 include/qemu/target-info-qom.h

diff --git a/configs/targets/aarch64-softmmu.c b/configs/targets/aarch64-softmmu.c
index 82ccb575759..75d95b0e743 100644
--- a/configs/targets/aarch64-softmmu.c
+++ b/configs/targets/aarch64-softmmu.c
@@ -8,6 +8,7 @@
 
 #include "qemu/osdep.h"
 #include "qemu/target-info-impl.h"
+#include "qemu/target-info-init.h"
 #include "hw/arm/machines-qom.h"
 #include "target/arm/cpu-qom.h"
 #include "target/arm/cpu-param.h"
@@ -23,7 +24,4 @@ static const TargetInfo target_info_aarch64_system = {
     .page_bits_init = TARGET_PAGE_BITS_LEGACY,
 };
 
-const TargetInfo *target_info(void)
-{
-    return &target_info_aarch64_system;
-}
+target_info_init(target_info_aarch64_system)
diff --git a/configs/targets/arm-softmmu.c b/configs/targets/arm-softmmu.c
index 18940e51e55..73546fa5737 100644
--- a/configs/targets/arm-softmmu.c
+++ b/configs/targets/arm-softmmu.c
@@ -8,6 +8,7 @@
 
 #include "qemu/osdep.h"
 #include "qemu/target-info-impl.h"
+#include "qemu/target-info-init.h"
 #include "hw/arm/machines-qom.h"
 #include "target/arm/cpu-qom.h"
 #include "target/arm/cpu-param.h"
@@ -23,7 +24,4 @@ static const TargetInfo target_info_arm_system = {
     .page_bits_init = TARGET_PAGE_BITS_LEGACY,
 };
 
-const TargetInfo *target_info(void)
-{
-    return &target_info_arm_system;
-}
+target_info_init(target_info_arm_system)
diff --git a/include/qemu/module.h b/include/qemu/module.h
index 9885ac9afb3..fccf017bf9e 100644
--- a/include/qemu/module.h
+++ b/include/qemu/module.h
@@ -43,6 +43,7 @@ typedef enum {
     MODULE_INIT_MIGRATION,
     MODULE_INIT_BLOCK,
     MODULE_INIT_OPTS,
+    MODULE_INIT_TARGET_INFO,
     MODULE_INIT_QOM,
     MODULE_INIT_TRACE,
     MODULE_INIT_XEN_BACKEND,
diff --git a/include/qemu/target-info-init.h b/include/qemu/target-info-init.h
new file mode 100644
index 00000000000..32c323a7ef9
--- /dev/null
+++ b/include/qemu/target-info-init.h
@@ -0,0 +1,58 @@
+/*
+ * QEMU target info initialization
+ *
+ * Copyright (c) Qualcomm
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * This file is included by each file defining a TargetInfo structure and is
+ * responsible for registering it.
+ */
+
+#ifndef QEMU_TARGET_INFO_INIT_H
+#define QEMU_TARGET_INFO_INIT_H
+
+#define DEFINE_TARGET_INFO_TYPE(info)                                       \
+static void do_qemu_init_target_info(void)                                  \
+{                                                                           \
+    type_register_static(&info);                                            \
+}                                                                           \
+module_init(do_qemu_init_target_info, MODULE_INIT_TARGET_INFO)
+
+#ifdef COMPILING_PER_TARGET
+#ifdef CONFIG_USER_ONLY
+
+/*
+ * User mode does not support multiple targets in the same binary, so just
+ * define target_info().
+ */
+#define target_info_init(ti_var)        \
+const TargetInfo *target_info(void)     \
+{                                       \
+    return &ti_var;                     \
+}
+
+#else /* CONFIG_USER_ONLY */
+
+#include "qemu/target-info-qom.h"
+#include "qom/object.h"
+
+#define target_info_init(ti_var)                                            \
+const TargetInfo *target_info(void)                                         \
+{                                                                           \
+    return &ti_var;                                                         \
+}                                                                           \
+                                                                            \
+static const TypeInfo target_info_qom_target_type_info = {                  \
+    .name =  TYPE_TARGET_INFO"-"TARGET_NAME,                                \
+    .parent = TYPE_TARGET_INFO,                                             \
+    .instance_size = sizeof(TargetInfoQom),                                 \
+    .class_size = sizeof(TargetInfoQomClass),                               \
+    .class_data = &ti_var,                                                  \
+};                                                                          \
+DEFINE_TARGET_INFO_TYPE(target_info_qom_target_type_info)
+
+#endif /* CONFIG_USER_ONLY */
+#endif /* COMPILING_PER_TARGET */
+
+#endif /* QEMU_TARGET_INFO_INIT_H */
diff --git a/include/qemu/target-info-qom.h b/include/qemu/target-info-qom.h
new file mode 100644
index 00000000000..585995c7ad0
--- /dev/null
+++ b/include/qemu/target-info-qom.h
@@ -0,0 +1,28 @@
+/*
+ * QEMU target info QOM types
+ *
+ * Copyright (c) Qualcomm
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef QEMU_TARGET_INFO_QOM_H
+#define QEMU_TARGET_INFO_QOM_H
+
+#include "qemu/target-info-impl.h"
+#include "qom/object.h"
+
+#define TYPE_TARGET_INFO "target-info"
+
+typedef struct TargetInfoQom {
+    Object parent_obj;
+} TargetInfoQom;
+
+typedef struct TargetInfoQomClass {
+    ObjectClass parent_class;
+    const TargetInfo *target_info;
+} TargetInfoQomClass;
+
+OBJECT_DECLARE_TYPE(TargetInfoQom, TargetInfoQomClass, TARGET_INFO)
+
+#endif /* QEMU_TARGET_INFO_QOM_H */
diff --git a/system/vl.c b/system/vl.c
index d2f4044e5d8..e44da0941d4 100644
--- a/system/vl.c
+++ b/system/vl.c
@@ -2889,6 +2889,8 @@ void qemu_init(int argc, char **argv)
 
     os_setup_limits();
 
+    module_call_init(MODULE_INIT_TARGET_INFO);
+
     module_init_info(qemu_modinfo);
     module_allow_arch(target_name());
 
diff --git a/target-info-qom.c b/target-info-qom.c
index 7fd58d24818..79752366b61 100644
--- a/target-info-qom.c
+++ b/target-info-qom.c
@@ -7,7 +7,11 @@
  */
 
 #include "qemu/osdep.h"
+#include "qapi/error.h"
 #include "qom/object.h"
+#include "qemu/target-info-impl.h"
+#include "qemu/target-info-init.h"
+#include "qemu/target-info-qom.h"
 #include "hw/arm/machines-qom.h"
 
 static const TypeInfo target_info_types[] = {
@@ -22,3 +26,23 @@ static const TypeInfo target_info_types[] = {
 };
 
 DEFINE_TYPES(target_info_types)
+
+static void target_info_qom_class_init(ObjectClass *oc, const void * data)
+{
+    TargetInfoQomClass *klass = TARGET_INFO_CLASS(oc);
+    klass->target_info = data;
+}
+
+static const TypeInfo target_info_parent_type = {
+    .name = TYPE_TARGET_INFO,
+    .parent = TYPE_OBJECT,
+    .instance_size = sizeof(TargetInfoQom),
+    .class_size = sizeof(TargetInfoQomClass),
+    /* use class_base_init so children classes can set class_data accordingly */
+    .class_base_init = target_info_qom_class_init,
+    /* children classes will be concrete, which allows to easily query them
+     * without listing this parent class also */
+    .abstract = true,
+};
+
+DEFINE_TARGET_INFO_TYPE(target_info_parent_type)
diff --git a/target-info-stub.c b/target-info-stub.c
index 07d8647ed8e..22b7911201c 100644
--- a/target-info-stub.c
+++ b/target-info-stub.c
@@ -9,6 +9,7 @@
 #include "qemu/osdep.h"
 #include "qemu/target-info.h"
 #include "qemu/target-info-impl.h"
+#include "qemu/target-info-init.h"
 #include "hw/core/boards.h"
 #include "cpu.h"
 #include "exec/cpu-defs.h"
@@ -41,7 +42,4 @@ static const TargetInfo target_info_stub = {
 #endif
 };
 
-const TargetInfo *target_info(void)
-{
-    return &target_info_stub;
-}
+target_info_init(target_info_stub)
-- 
2.43.0

[PULL 4/5] target-info-qom: detect target from QOM

[Pierrick Bouvier]

For now, we expect only one target to be available at runtime. This will
change with the single-binary and we'll detect which one to use
dynamically.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20260512150208.1167711-5-pierrick.bouvier@oss.qualcomm.com
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>
---
 include/qemu/target-info-qom.h |  2 ++
 system/vl.c                    |  2 ++
 target-info-qom.c              | 16 ++++++++++++++++
 3 files changed, 20 insertions(+)

diff --git a/include/qemu/target-info-qom.h b/include/qemu/target-info-qom.h
index 585995c7ad0..91be415ed33 100644
--- a/include/qemu/target-info-qom.h
+++ b/include/qemu/target-info-qom.h
@@ -25,4 +25,6 @@ typedef struct TargetInfoQomClass {
 
 OBJECT_DECLARE_TYPE(TargetInfoQom, TargetInfoQomClass, TARGET_INFO)
 
+void target_info_qom_set_target(void);
+
 #endif /* QEMU_TARGET_INFO_QOM_H */
diff --git a/system/vl.c b/system/vl.c
index e44da0941d4..e690aa3ed8c 100644
--- a/system/vl.c
+++ b/system/vl.c
@@ -28,6 +28,7 @@
 #include "qemu/units.h"
 #include "qemu/module.h"
 #include "qemu/target-info.h"
+#include "qemu/target-info-qom.h"
 #include "exec/cpu-common.h"
 #include "exec/page-vary.h"
 #include "hw/core/qdev-properties.h"
@@ -2890,6 +2891,7 @@ void qemu_init(int argc, char **argv)
     os_setup_limits();
 
     module_call_init(MODULE_INIT_TARGET_INFO);
+    target_info_qom_set_target();
 
     module_init_info(qemu_modinfo);
     module_allow_arch(target_name());
diff --git a/target-info-qom.c b/target-info-qom.c
index 79752366b61..9947fcc9922 100644
--- a/target-info-qom.c
+++ b/target-info-qom.c
@@ -46,3 +46,19 @@ static const TypeInfo target_info_parent_type = {
 };
 
 DEFINE_TARGET_INFO_TYPE(target_info_parent_type)
+
+static const TargetInfo *target_info_ptr;
+
+void target_info_qom_set_target(void)
+{
+    g_autoptr(GSList) targets = object_class_get_list(TYPE_TARGET_INFO, false);
+
+    size_t num_found = g_slist_length(targets);
+    if (num_found != 1) {
+        error_setg(&error_fatal, num_found == 0 ?
+                                 "no target-info is available" :
+                                 "more than one target-info is available");
+    }
+
+    target_info_ptr = TARGET_INFO_CLASS(targets->data)->target_info;
+}
-- 
2.43.0

[PULL 5/5] target-info: replace target_info() in system-mode

[Pierrick Bouvier]

We now can use TargetInfo information available from QOM, and remove
duplicated target_info() symbol.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20260512150208.1167711-6-pierrick.bouvier@oss.qualcomm.com
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>
---
 include/qemu/target-info-init.h | 5 -----
 target-info-qom.c               | 5 +++++
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/qemu/target-info-init.h b/include/qemu/target-info-init.h
index 32c323a7ef9..b7024c9faef 100644
--- a/include/qemu/target-info-init.h
+++ b/include/qemu/target-info-init.h
@@ -38,11 +38,6 @@ const TargetInfo *target_info(void)     \
 #include "qom/object.h"
 
 #define target_info_init(ti_var)                                            \
-const TargetInfo *target_info(void)                                         \
-{                                                                           \
-    return &ti_var;                                                         \
-}                                                                           \
-                                                                            \
 static const TypeInfo target_info_qom_target_type_info = {                  \
     .name =  TYPE_TARGET_INFO"-"TARGET_NAME,                                \
     .parent = TYPE_TARGET_INFO,                                             \
diff --git a/target-info-qom.c b/target-info-qom.c
index 9947fcc9922..b48714cc77f 100644
--- a/target-info-qom.c
+++ b/target-info-qom.c
@@ -49,6 +49,11 @@ DEFINE_TARGET_INFO_TYPE(target_info_parent_type)
 
 static const TargetInfo *target_info_ptr;
 
+const TargetInfo *target_info(void)
+{
+    return target_info_ptr;
+}
+
 void target_info_qom_set_target(void)
 {
     g_autoptr(GSList) targets = object_class_get_list(TYPE_TARGET_INFO, false);
-- 
2.43.0

Re: [PULL 0/5] Target-info update for 2026-05-12

[Stefan Hajnoczi]

On Tue, May 12, 2026 at 2:32 PM Pierrick Bouvier
<pierrick.bouvier@oss.qualcomm.com> wrote:
>
> The following changes since commit 5e61afe211e82a9af15a8794a0bd29bb574e953b:
>
>   Merge tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging (2026-05-11 10:49:53 -0400)
>
> are available in the Git repository at:
>
>   https://gitlab.com/p-b-o/qemu tags/pbouvier/pr/target_info-20260512
>
> for you to fetch changes up to 0fc2022c6331c5d5bdd9060c73d067abba3f5515:
>
>   target-info: replace target_info() in system-mode (2026-05-12 11:29:18 -0700)
>
> ----------------------------------------------------------------
> Changes:
> - [PATCH v6 0/5] single-binary: deduplicate target_info() (Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>)
>   Link: https://lore.kernel.org/qemu-devel/20260512150208.1167711-1-pierrick.bouvier@oss.qualcomm.com
>
> ----------------------------------------------------------------
> Pierrick Bouvier (5):
>       qom/object: register OBJECT and INTERFACE QOM types before main
>       qom/object: initialize type_table in static ctor with fundamental QOM types
>       target-info: introduce TargetInfo in QOM
>       target-info-qom: detect target from QOM
>       target-info: replace target_info() in system-mode

Please take a look at this CI failure:

Testing ./build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-target-generic-fuzz-cirrus-vga
...
AddressSanitizer:DEADLYSIGNAL
=================================================================
==5334==ERROR: AddressSanitizer: SEGV on unknown address
0x000000000020 (pc 0x5bd0beb39ef4 bp 0x7ffe0ad764d0 sp 0x7ffe0ad764c0
T0)
==5334==The signal is caused by a READ memory access.
==5334==Hint: address points to the zero page.
#0 0x5bd0beb39ef4 in target_endian_mode
/builds/qemu-project/qemu/build-oss-fuzz/../target-info.c:42:27
#1 0x5bd0beb39ef4 in target_big_endian
/builds/qemu-project/qemu/build-oss-fuzz/../target-info.c:47:12
#2 0x5bd0bf4f1da1 in qtest_process_command
/builds/qemu-project/qemu/build-oss-fuzz/../system/qtest.c:705:13
#3 0x5bd0bf4f1da1 in qtest_process_inbuf
/builds/qemu-project/qemu/build-oss-fuzz/../system/qtest.c:778:9
#4 0x5bd0bf4eef54 in qtest_server_inproc_recv
/builds/qemu-project/qemu/build-oss-fuzz/../system/qtest.c:910:9
#5 0x5bd0bfe18f85 in qtest_sendf
/builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/libqtest.c:715:5
#6 0x5bd0bfe15294 in qtest_query_target_endianness
/builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/libqtest.c:804:5
#7 0x5bd0bfe1f2f3 in qtest_inproc_init
/builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/libqtest.c:2043:23
#8 0x5bd0bfe71778 in qtest_setup
/builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/fuzz/fuzz.c:64:12
#9 0x5bd0bfe71778 in LLVMFuzzerInitialize
/builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/fuzz/fuzz.c:206:16
#10 0x5bd0be9b3b56 in fuzzer::FuzzerDriver(int*, char***, int
(*)(unsigned char const*, unsigned long)) fuzzer.o
#11 0x5bd0be9e2166 in main
(/builds/qemu-project/qemu/build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-target-generic-fuzz-cirrus-vga+0x46166)
(BuildId: 845b9265a3ae1439c62fb86e3bc4973f7ea7c960)
#12 0x7f7fef9a65b4 in __libc_start_call_main (/lib64/libc.so.6+0x35b4)
(BuildId: abd2a4d896fed122b3f7da571746f193feeb86a1)
#13 0x7f7fef9a6667 in __libc_start_main@GLIBC_2.2.5
(/lib64/libc.so.6+0x3667) (BuildId:
abd2a4d896fed122b3f7da571746f193feeb86a1)
#14 0x5bd0be9a8f34 in _start
(/builds/qemu-project/qemu/build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-target-generic-fuzz-cirrus-vga+0xcf34)
(BuildId: 845b9265a3ae1439c62fb86e3bc4973f7ea7c960)

https://gitlab.com/qemu-project/qemu/-/jobs/14371480130

If this issue is caused by this pull request, please send a new
revision that solves the issue.

If this issue is not caused by this pull request, please let me know. Thanks!

Stefan

>
>  configs/targets/aarch64-softmmu.c |  6 ++---
>  configs/targets/arm-softmmu.c     |  6 ++---
>  include/qemu/module.h             |  1 +
>  include/qemu/target-info-init.h   | 53 +++++++++++++++++++++++++++++++++++++++
>  include/qemu/target-info-qom.h    | 30 ++++++++++++++++++++++
>  qom/object.c                      | 22 +++++-----------
>  system/vl.c                       |  4 +++
>  target-info-qom.c                 | 45 +++++++++++++++++++++++++++++++++
>  target-info-stub.c                |  6 ++---
>  9 files changed, 145 insertions(+), 28 deletions(-)
>  create mode 100644 include/qemu/target-info-init.h
>  create mode 100644 include/qemu/target-info-qom.h
>

Re: [PULL 0/5] Target-info update for 2026-05-12

[Philippe Mathieu-Daudé]

On 14/5/26 16:16, Stefan Hajnoczi wrote:
> On Tue, May 12, 2026 at 2:32 PM Pierrick Bouvier
> <pierrick.bouvier@oss.qualcomm.com> wrote:
>>
>> The following changes since commit 5e61afe211e82a9af15a8794a0bd29bb574e953b:
>>
>>    Merge tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging (2026-05-11 10:49:53 -0400)
>>
>> are available in the Git repository at:
>>
>>    https://gitlab.com/p-b-o/qemu tags/pbouvier/pr/target_info-20260512
>>
>> for you to fetch changes up to 0fc2022c6331c5d5bdd9060c73d067abba3f5515:
>>
>>    target-info: replace target_info() in system-mode (2026-05-12 11:29:18 -0700)
>>
>> ----------------------------------------------------------------
>> Changes:
>> - [PATCH v6 0/5] single-binary: deduplicate target_info() (Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>)
>>    Link: https://lore.kernel.org/qemu-devel/20260512150208.1167711-1-pierrick.bouvier@oss.qualcomm.com
>>
>> ----------------------------------------------------------------
>> Pierrick Bouvier (5):
>>        qom/object: register OBJECT and INTERFACE QOM types before main
>>        qom/object: initialize type_table in static ctor with fundamental QOM types
>>        target-info: introduce TargetInfo in QOM
>>        target-info-qom: detect target from QOM
>>        target-info: replace target_info() in system-mode
> 
> Please take a look at this CI failure:
> 
> Testing ./build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-target-generic-fuzz-cirrus-vga
> ...
> AddressSanitizer:DEADLYSIGNAL
> =================================================================
> ==5334==ERROR: AddressSanitizer: SEGV on unknown address
> 0x000000000020 (pc 0x5bd0beb39ef4 bp 0x7ffe0ad764d0 sp 0x7ffe0ad764c0
> T0)
> ==5334==The signal is caused by a READ memory access.
> ==5334==Hint: address points to the zero page.
> #0 0x5bd0beb39ef4 in target_endian_mode
> /builds/qemu-project/qemu/build-oss-fuzz/../target-info.c:42:27
> #1 0x5bd0beb39ef4 in target_big_endian
> /builds/qemu-project/qemu/build-oss-fuzz/../target-info.c:47:12
> #2 0x5bd0bf4f1da1 in qtest_process_command
> /builds/qemu-project/qemu/build-oss-fuzz/../system/qtest.c:705:13
> #3 0x5bd0bf4f1da1 in qtest_process_inbuf
> /builds/qemu-project/qemu/build-oss-fuzz/../system/qtest.c:778:9
> #4 0x5bd0bf4eef54 in qtest_server_inproc_recv
> /builds/qemu-project/qemu/build-oss-fuzz/../system/qtest.c:910:9
> #5 0x5bd0bfe18f85 in qtest_sendf
> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/libqtest.c:715:5
> #6 0x5bd0bfe15294 in qtest_query_target_endianness
> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/libqtest.c:804:5
> #7 0x5bd0bfe1f2f3 in qtest_inproc_init
> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/libqtest.c:2043:23
> #8 0x5bd0bfe71778 in qtest_setup
> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/fuzz/fuzz.c:64:12
> #9 0x5bd0bfe71778 in LLVMFuzzerInitialize
> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/fuzz/fuzz.c:206:16
> #10 0x5bd0be9b3b56 in fuzzer::FuzzerDriver(int*, char***, int
> (*)(unsigned char const*, unsigned long)) fuzzer.o
> #11 0x5bd0be9e2166 in main


IIUC the fuzzer mode doesn't call main() -> qemu_init() but a distinct
one via LLVMFuzzerInitialize().

We'd need to squash something like:

-- >8 --
diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index ca248a51a6c..90f07dcda3d 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -172,6 +172,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, 
char ***envp)
      /* Initialize qgraph and modules */
      qos_graph_init();
      module_call_init(MODULE_INIT_FUZZ_TARGET);
+    module_call_init(MODULE_INIT_TARGET_INFO);
      module_call_init(MODULE_INIT_QOM);
      module_call_init(MODULE_INIT_LIBQOS);

---

> (/builds/qemu-project/qemu/build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-target-generic-fuzz-cirrus-vga+0x46166)
> (BuildId: 845b9265a3ae1439c62fb86e3bc4973f7ea7c960)
> #12 0x7f7fef9a65b4 in __libc_start_call_main (/lib64/libc.so.6+0x35b4)
> (BuildId: abd2a4d896fed122b3f7da571746f193feeb86a1)
> #13 0x7f7fef9a6667 in __libc_start_main@GLIBC_2.2.5
> (/lib64/libc.so.6+0x3667) (BuildId:
> abd2a4d896fed122b3f7da571746f193feeb86a1)
> #14 0x5bd0be9a8f34 in _start
> (/builds/qemu-project/qemu/build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-target-generic-fuzz-cirrus-vga+0xcf34)
> (BuildId: 845b9265a3ae1439c62fb86e3bc4973f7ea7c960)
> 
> https://gitlab.com/qemu-project/qemu/-/jobs/14371480130
> 
> If this issue is caused by this pull request, please send a new
> revision that solves the issue.
> 
> If this issue is not caused by this pull request, please let me know. Thanks!
> 
> Stefan
> 
>>
>>   configs/targets/aarch64-softmmu.c |  6 ++---
>>   configs/targets/arm-softmmu.c     |  6 ++---
>>   include/qemu/module.h             |  1 +
>>   include/qemu/target-info-init.h   | 53 +++++++++++++++++++++++++++++++++++++++
>>   include/qemu/target-info-qom.h    | 30 ++++++++++++++++++++++
>>   qom/object.c                      | 22 +++++-----------
>>   system/vl.c                       |  4 +++
>>   target-info-qom.c                 | 45 +++++++++++++++++++++++++++++++++
>>   target-info-stub.c                |  6 ++---
>>   9 files changed, 145 insertions(+), 28 deletions(-)
>>   create mode 100644 include/qemu/target-info-init.h
>>   create mode 100644 include/qemu/target-info-qom.h
>>
> 

Re: [PULL 0/5] Target-info update for 2026-05-12

[Pierrick Bouvier]

On 5/14/2026 7:46 AM, Philippe Mathieu-Daudé wrote:
> On 14/5/26 16:16, Stefan Hajnoczi wrote:
>> On Tue, May 12, 2026 at 2:32 PM Pierrick Bouvier
>> <pierrick.bouvier@oss.qualcomm.com> wrote:
>>>
>>> The following changes since commit
>>> 5e61afe211e82a9af15a8794a0bd29bb574e953b:
>>>
>>>    Merge tag 'ui-pull-request' of https://gitlab.com/
>>> marcandre.lureau/qemu into staging (2026-05-11 10:49:53 -0400)
>>>
>>> are available in the Git repository at:
>>>
>>>    https://gitlab.com/p-b-o/qemu tags/pbouvier/pr/target_info-20260512
>>>
>>> for you to fetch changes up to 0fc2022c6331c5d5bdd9060c73d067abba3f5515:
>>>
>>>    target-info: replace target_info() in system-mode (2026-05-12
>>> 11:29:18 -0700)
>>>
>>> ----------------------------------------------------------------
>>> Changes:
>>> - [PATCH v6 0/5] single-binary: deduplicate target_info() (Pierrick
>>> Bouvier <pierrick.bouvier@oss.qualcomm.com>)
>>>    Link: https://lore.kernel.org/qemu-devel/20260512150208.1167711-1-
>>> pierrick.bouvier@oss.qualcomm.com
>>>
>>> ----------------------------------------------------------------
>>> Pierrick Bouvier (5):
>>>        qom/object: register OBJECT and INTERFACE QOM types before main
>>>        qom/object: initialize type_table in static ctor with
>>> fundamental QOM types
>>>        target-info: introduce TargetInfo in QOM
>>>        target-info-qom: detect target from QOM
>>>        target-info: replace target_info() in system-mode
>>
>> Please take a look at this CI failure:
>>
>> Testing ./build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-target-generic-fuzz-
>> cirrus-vga
>> ...
>> AddressSanitizer:DEADLYSIGNAL
>> =================================================================
>> ==5334==ERROR: AddressSanitizer: SEGV on unknown address
>> 0x000000000020 (pc 0x5bd0beb39ef4 bp 0x7ffe0ad764d0 sp 0x7ffe0ad764c0
>> T0)
>> ==5334==The signal is caused by a READ memory access.
>> ==5334==Hint: address points to the zero page.
>> #0 0x5bd0beb39ef4 in target_endian_mode
>> /builds/qemu-project/qemu/build-oss-fuzz/../target-info.c:42:27
>> #1 0x5bd0beb39ef4 in target_big_endian
>> /builds/qemu-project/qemu/build-oss-fuzz/../target-info.c:47:12
>> #2 0x5bd0bf4f1da1 in qtest_process_command
>> /builds/qemu-project/qemu/build-oss-fuzz/../system/qtest.c:705:13
>> #3 0x5bd0bf4f1da1 in qtest_process_inbuf
>> /builds/qemu-project/qemu/build-oss-fuzz/../system/qtest.c:778:9
>> #4 0x5bd0bf4eef54 in qtest_server_inproc_recv
>> /builds/qemu-project/qemu/build-oss-fuzz/../system/qtest.c:910:9
>> #5 0x5bd0bfe18f85 in qtest_sendf
>> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/libqtest.c:715:5
>> #6 0x5bd0bfe15294 in qtest_query_target_endianness
>> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/libqtest.c:804:5
>> #7 0x5bd0bfe1f2f3 in qtest_inproc_init
>> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/
>> libqtest.c:2043:23
>> #8 0x5bd0bfe71778 in qtest_setup
>> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/fuzz/fuzz.c:64:12
>> #9 0x5bd0bfe71778 in LLVMFuzzerInitialize
>> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/fuzz/
>> fuzz.c:206:16
>> #10 0x5bd0be9b3b56 in fuzzer::FuzzerDriver(int*, char***, int
>> (*)(unsigned char const*, unsigned long)) fuzzer.o
>> #11 0x5bd0be9e2166 in main
> 
> 
> IIUC the fuzzer mode doesn't call main() -> qemu_init() but a distinct
> one via LLVMFuzzerInitialize().
> 
> We'd need to squash something like:
> 
> -- >8 --
> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> index ca248a51a6c..90f07dcda3d 100644
> --- a/tests/qtest/fuzz/fuzz.c
> +++ b/tests/qtest/fuzz/fuzz.c
> @@ -172,6 +172,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv,
> char ***envp)
>      /* Initialize qgraph and modules */
>      qos_graph_init();
>      module_call_init(MODULE_INIT_FUZZ_TARGET);
> +    module_call_init(MODULE_INIT_TARGET_INFO);
>      module_call_init(MODULE_INIT_QOM);
>      module_call_init(MODULE_INIT_LIBQOS);
>

Yes, this looks like the issue.
I'll reproduce, send a v7, and send PR once all tests are completed.

> ---
> 
>> (/builds/qemu-project/qemu/build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-
>> target-generic-fuzz-cirrus-vga+0x46166)
>> (BuildId: 845b9265a3ae1439c62fb86e3bc4973f7ea7c960)
>> #12 0x7f7fef9a65b4 in __libc_start_call_main (/lib64/libc.so.6+0x35b4)
>> (BuildId: abd2a4d896fed122b3f7da571746f193feeb86a1)
>> #13 0x7f7fef9a6667 in __libc_start_main@GLIBC_2.2.5
>> (/lib64/libc.so.6+0x3667) (BuildId:
>> abd2a4d896fed122b3f7da571746f193feeb86a1)
>> #14 0x5bd0be9a8f34 in _start
>> (/builds/qemu-project/qemu/build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-
>> target-generic-fuzz-cirrus-vga+0xcf34)
>> (BuildId: 845b9265a3ae1439c62fb86e3bc4973f7ea7c960)
>>
>> https://gitlab.com/qemu-project/qemu/-/jobs/14371480130
>>
>> If this issue is caused by this pull request, please send a new
>> revision that solves the issue.
>>
>> If this issue is not caused by this pull request, please let me know.
>> Thanks!
>>

Seems like it's definitely related to this PR, I'll fix the series.

>> Stefan
>>
>>>
>>>   configs/targets/aarch64-softmmu.c |  6 ++---
>>>   configs/targets/arm-softmmu.c     |  6 ++---
>>>   include/qemu/module.h             |  1 +
>>>   include/qemu/target-info-init.h   | 53 ++++++++++++++++++++++++++++
>>> +++++++++++
>>>   include/qemu/target-info-qom.h    | 30 ++++++++++++++++++++++
>>>   qom/object.c                      | 22 +++++-----------
>>>   system/vl.c                       |  4 +++
>>>   target-info-qom.c                 | 45 ++++++++++++++++++++++++++++
>>> +++++
>>>   target-info-stub.c                |  6 ++---
>>>   9 files changed, 145 insertions(+), 28 deletions(-)
>>>   create mode 100644 include/qemu/target-info-init.h
>>>   create mode 100644 include/qemu/target-info-qom.h
>>>
>>
> 

Thanks,
Pierrick

Re: [PULL 0/5] Target-info update for 2026-05-12

[Pierrick Bouvier]

On 5/14/2026 7:16 AM, Stefan Hajnoczi wrote:
> On Tue, May 12, 2026 at 2:32 PM Pierrick Bouvier
> <pierrick.bouvier@oss.qualcomm.com> wrote:
>>
>> The following changes since commit 5e61afe211e82a9af15a8794a0bd29bb574e953b:
>>
>>   Merge tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging (2026-05-11 10:49:53 -0400)
>>
>> are available in the Git repository at:
>>
>>   https://gitlab.com/p-b-o/qemu tags/pbouvier/pr/target_info-20260512
>>
>> for you to fetch changes up to 0fc2022c6331c5d5bdd9060c73d067abba3f5515:
>>
>>   target-info: replace target_info() in system-mode (2026-05-12 11:29:18 -0700)
>>
>> ----------------------------------------------------------------
>> Changes:
>> - [PATCH v6 0/5] single-binary: deduplicate target_info() (Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>)
>>   Link: https://lore.kernel.org/qemu-devel/20260512150208.1167711-1-pierrick.bouvier@oss.qualcomm.com
>>
>> ----------------------------------------------------------------
>> Pierrick Bouvier (5):
>>       qom/object: register OBJECT and INTERFACE QOM types before main
>>       qom/object: initialize type_table in static ctor with fundamental QOM types
>>       target-info: introduce TargetInfo in QOM
>>       target-info-qom: detect target from QOM
>>       target-info: replace target_info() in system-mode
> 
> Please take a look at this CI failure:
> 
> Testing ./build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-target-generic-fuzz-cirrus-vga
> ...
> AddressSanitizer:DEADLYSIGNAL
> =================================================================
> ==5334==ERROR: AddressSanitizer: SEGV on unknown address
> 0x000000000020 (pc 0x5bd0beb39ef4 bp 0x7ffe0ad764d0 sp 0x7ffe0ad764c0
> T0)
> ==5334==The signal is caused by a READ memory access.
> ==5334==Hint: address points to the zero page.
> #0 0x5bd0beb39ef4 in target_endian_mode
> /builds/qemu-project/qemu/build-oss-fuzz/../target-info.c:42:27
> #1 0x5bd0beb39ef4 in target_big_endian
> /builds/qemu-project/qemu/build-oss-fuzz/../target-info.c:47:12
> #2 0x5bd0bf4f1da1 in qtest_process_command
> /builds/qemu-project/qemu/build-oss-fuzz/../system/qtest.c:705:13
> #3 0x5bd0bf4f1da1 in qtest_process_inbuf
> /builds/qemu-project/qemu/build-oss-fuzz/../system/qtest.c:778:9
> #4 0x5bd0bf4eef54 in qtest_server_inproc_recv
> /builds/qemu-project/qemu/build-oss-fuzz/../system/qtest.c:910:9
> #5 0x5bd0bfe18f85 in qtest_sendf
> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/libqtest.c:715:5
> #6 0x5bd0bfe15294 in qtest_query_target_endianness
> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/libqtest.c:804:5
> #7 0x5bd0bfe1f2f3 in qtest_inproc_init
> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/libqtest.c:2043:23
> #8 0x5bd0bfe71778 in qtest_setup
> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/fuzz/fuzz.c:64:12
> #9 0x5bd0bfe71778 in LLVMFuzzerInitialize
> /builds/qemu-project/qemu/build-oss-fuzz/../tests/qtest/fuzz/fuzz.c:206:16
> #10 0x5bd0be9b3b56 in fuzzer::FuzzerDriver(int*, char***, int
> (*)(unsigned char const*, unsigned long)) fuzzer.o
> #11 0x5bd0be9e2166 in main
> (/builds/qemu-project/qemu/build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-target-generic-fuzz-cirrus-vga+0x46166)
> (BuildId: 845b9265a3ae1439c62fb86e3bc4973f7ea7c960)
> #12 0x7f7fef9a65b4 in __libc_start_call_main (/lib64/libc.so.6+0x35b4)
> (BuildId: abd2a4d896fed122b3f7da571746f193feeb86a1)
> #13 0x7f7fef9a6667 in __libc_start_main@GLIBC_2.2.5
> (/lib64/libc.so.6+0x3667) (BuildId:
> abd2a4d896fed122b3f7da571746f193feeb86a1)
> #14 0x5bd0be9a8f34 in _start
> (/builds/qemu-project/qemu/build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-target-generic-fuzz-cirrus-vga+0xcf34)
> (BuildId: 845b9265a3ae1439c62fb86e3bc4973f7ea7c960)
> 
> https://gitlab.com/qemu-project/qemu/-/jobs/14371480130
> 
> If this issue is caused by this pull request, please send a new
> revision that solves the issue.
> 
> If this issue is not caused by this pull request, please let me know. Thanks!
> 
> Stefan
> 
>>
>>  configs/targets/aarch64-softmmu.c |  6 ++---
>>  configs/targets/arm-softmmu.c     |  6 ++---
>>  include/qemu/module.h             |  1 +
>>  include/qemu/target-info-init.h   | 53 +++++++++++++++++++++++++++++++++++++++
>>  include/qemu/target-info-qom.h    | 30 ++++++++++++++++++++++
>>  qom/object.c                      | 22 +++++-----------
>>  system/vl.c                       |  4 +++
>>  target-info-qom.c                 | 45 +++++++++++++++++++++++++++++++++
>>  target-info-stub.c                |  6 ++---
>>  9 files changed, 145 insertions(+), 28 deletions(-)
>>  create mode 100644 include/qemu/target-info-init.h
>>  create mode 100644 include/qemu/target-info-qom.h
>>

Sent a new PR with the fix included:
https://lore.kernel.org/qemu-devel/20260514195427.1706609-1-pierrick.bouvier@oss.qualcomm.com/T/#t

Regards,
Pierrick