git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Jann Horn <jannh@google.com>
	Mon, 23 Feb 2026 19:59:33 +0000 (20:59 +0100)
committer	Christian Brauner <brauner@kernel.org>
	Tue, 24 Feb 2026 09:21:30 +0000 (10:21 +0100)
commit	fdcfce93073d990ed4b71752e31ad1c1d6e9d58b
tree	bf12f9534e30ab1ae234fbdafefa3912a2c80431	tree
parent	f6a495484a27150fb85f943e1a7464da88c2a797	commit \| diff

eventpoll: Fix integer overflow in ep_loop_check_proc()

If a recursive call to ep_loop_check_proc() hits the `result = INT_MAX`,
an integer overflow will occur in the calling ep_loop_check_proc() at
`result = max(result, ep_loop_check_proc(ep_tovisit, depth + 1) + 1)`,
breaking the recursion depth check.

Fix it by using a different placeholder value that can't lead to an
overflow.

Reported-by: Guenter Roeck <linux@roeck-us.net>
Fixes: f2e467a48287 ("eventpoll: Fix semi-unbounded recursion")
Cc: stable@vger.kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Link: https://patch.msgid.link/20260223-epoll-int-overflow-v1-1-452f35132224@google.com
Signed-off-by: Christian Brauner <brauner@kernel.org>