From: Jens Axboe Date: Thu, 23 Apr 2026 11:10:45 +0000 (-0600) Subject: io_uring/epoll: disallow adding an epoll file to an epoll context X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cfa1539b24aff18ecb71c6334e7270f810d145bb;p=thirdparty%2Flinux.git io_uring/epoll: disallow adding an epoll file to an epoll context One of the nastier things about epoll is how it allows adding epoll files to epoll contexts. This leads to all sorts of loop detection code, and has been a source of issues in the past. Arguably adding IORING_EPOLL_CTL is a historical mistake on the io_uring side, but we're kind of stuck with it now as it does seem to be in use according to code searches. But we can at least minimize the damage a bit and just disallow this part of epoll, where nesting issues can arise. Suggested-by: Linus Torvalds Signed-off-by: Jens Axboe --- diff --git a/io_uring/epoll.c b/io_uring/epoll.c index b9db8bde27ec8..eecd748cad018 100644 --- a/io_uring/epoll.c +++ b/io_uring/epoll.c @@ -62,6 +62,9 @@ int io_epoll_ctl(struct io_kiocb *req, unsigned int issue_flags) CLASS(fd, tf)(ie->fd); if (fd_empty(tf)) return -EBADF; + /* disallow adding an epoll context to another epoll context */ + if (ie->op == EPOLL_CTL_ADD && is_file_epoll(fd_file(tf))) + return -EINVAL; key.file = fd_file(tf); key.fd = ie->fd;
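Review bot: the comment on the new check in io_epoll_ctl() ("disallow adding an epoll context to another epoll context") should say that the restriction applies only to requests issued through io_uring, and that user space sees -EINVAL. The commit message notes the opcode is in use, so this is a user-visible behaviour change for any caller that nests epoll files through it. -EINVAL gives such a caller no way to tell this rejection apart from any other invalid-argument failure on the same request. Suggest expanding the comment along the lines of "nesting epoll files is not supported via io_uring, fail with -EINVAL" and documenting the new error case wherever the opcode is documented. The test is limited to `ie->op == EPOLL_CTL_ADD`, which matches the stated intent, since only an add can create a new nesting edge; a short note in the comment that the other ops are deliberately left alone would keep a later reader from "fixing" it. Separately, this diff touches only io_uring/epoll.c, so please confirm that is_file_epoll() is already declared in a header this file includes.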