On Fri, Jan 23, 2026 at 4:00 AM Markus Armbruster <[email protected]> wrote: > > User-created qdevs with ID show up at /machine/peripheral/ID. > > When we restricted QemOpts IDs to letters, digits, '-', '.', '_', > starting with a letter in commit b560a9ab9be: (qemu-option: Reject > anti-social IDs) a long time ago, this also covered qdev IDs. Looks > like this: > > (qemu) device_add usb-mouse,id=/ > qemu-system-x86_64: Parameter 'id' expects an identifier > Identifiers consist of letters, digits, '-', '.', '_', starting with a > letter. > Try "help device_add" for more information > > QMP, however: > > {"execute": "device_add", "arguments": {"driver": "usb-mouse", "id": "/"}} > {"return": {}} > > This creates a device with canonical path "/machine/peripheral//". > That way is madness. > > We accidentally bypassed qdev ID validation for QMP when we cut the > detour through QemuOpts in commit b30d8054642. > > Fix by validating IDs one layer down, in qdev_set_id(). > > Arguably, QOM should protect itself from QOM path components > containing '/', but let's just fix the regression for now. > > Fixes: be93fd53723c (qdev-monitor: avoid QemuOpts in QMP device_add) > Signed-off-by: Markus Armbruster <[email protected]> > --- > system/qdev-monitor.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-)
Reviewed-by: Stefan Hajnoczi <[email protected]>
