[Bugme-new] [Bug 40512] New: EXT4_IOC_MIGRATE is dangerous on directories

[bugzilla-daemon at bugzilla.kernel.org]

https://bugzilla.kernel.org/show_bug.cgi?id=40512

           Summary: EXT4_IOC_MIGRATE is dangerous on directories
           Product: File System
           Version: 2.5
    Kernel Version: 2.6.39
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: high
          Priority: P1
         Component: ext4
        AssignedTo: fs_ext4 at kernel-bugs.osdl.org
        ReportedBy: benjamin at python.org
        Regression: No


Using EXT4_IOC_MIGRATE on a non-extent directory seems to have terrible
consequences. Consider the following example. "dir" is a old directory without
extents.

$ ls -la dir/
total 12
drwxr-xr-x  2 benjamin benjamin 4096 Aug  3 20:42 .
drwxr-xr-x 47 benjamin benjamin 4096 Aug  3 20:42 ..
-rw-r-----  1 benjamin benjamin    7 Aug  3 20:42 something.txt
$ cat migrate.c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>

int
main(int argc, char **argv)
{
    const char *fn = argv[1];
    int fd, ret;

    fd = open(fn, O_RDONLY);
    /* This invokes EXT4_IOC_MIGRATE. */
    ret = ioctl(fd, 0x6609);
    close(fd);
    if (ret < 0) {
        fprintf(stderr, "ioctl failed\n");
        return 1;
    }
    printf("Migration successful?\n");
    return 0;
}
$ gcc -o migrate migrate.c
$ ./migrate dir
Migration successful?
$ ls -la dir
total 0 # !!!!!!!!!!!!!!

Also, we why are you allowed to migrate stuff with only O_RDONLY access?

-- 
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.