From cfa1539b24aff18ecb71c6334e7270f810d145bb Mon Sep 17 00:00:00 2001 From: Jens Axboe Date: Thu, 23 Apr 2026 05:10:45 -0600 Subject: [PATCH] io_uring/epoll: disallow adding an epoll file to an epoll context One of the nastier things about epoll is how it allows adding epoll files to epoll contexts. This leads to all sorts of loop detection code, and has been a source of issues in the past. Arguably adding IORING_EPOLL_CTL is a historical mistake on the io_uring side, but we're kind of stuck with it now as it does seem to be in use according to code searches. But we can at least minimize the damage a bit and just disallow this part of epoll, where nesting issues can arise. Suggested-by: Linus Torvalds Signed-off-by: Jens Axboe --- io_uring/epoll.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/io_uring/epoll.c b/io_uring/epoll.c index b9db8bde27ec8..eecd748cad018 100644 --- a/io_uring/epoll.c +++ b/io_uring/epoll.c @@ -62,6 +62,9 @@ int io_epoll_ctl(struct io_kiocb *req, unsigned int issue_flags) CLASS(fd, tf)(ie->fd); if (fd_empty(tf)) return -EBADF; + /* disallow adding an epoll context to another epoll context */ + if (ie->op == EPOLL_CTL_ADD && is_file_epoll(fd_file(tf))) + return -EINVAL; key.file = fd_file(tf); key.fd = ie->fd; -- 2.47.3
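Review bot: the `-EINVAL` return added in io_epoll_ctl(), just before `key.file = fd_file(tf);`, is a user-visible behaviour change that ships without documentation, and the in-code comment does not say the restriction applies only to the io_uring path. The commit message itself notes that this interface does seem to be in use, so any caller that adds an epoll fd to an epoll context this way will start failing, with an error code it cannot easily tell apart from other invalid-argument failures. Consider expanding the comment to say that only `EPOLL_CTL_ADD` issued through io_uring is rejected (the diffstat shows io_uring/epoll.c as the only file touched), and that `EPOLL_CTL_MOD` and `EPOLL_CTL_DEL` on an epoll file are deliberately left alone because nesting can only be created by an add. The commit message carries no Fixes: or stable tag, so it would also help to state whether the change is intended for backport.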