From: Xiubo Li <xiubli@redhat.com>
Date: Tue, 14 Feb 2023 11:16:07 +0000 (+0800)
Subject: client: switch to clear_suid_sgid for _write()
X-Git-Tag: v18.1.2~8^2~6
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=71e642025098a02f83ee1f1f9dea596ce292e301;p=ceph.git

client: switch to clear_suid_sgid for _write()

Currently the write will clear the suid/sgid always even the
privileged users are writing the file. This isn't consistent with
all the other existing filesystems in Linux.

Fixes: https://tracker.ceph.com/issues/58680
Signed-off-by: Xiubo Li <xiubli@redhat.com>
(cherry picked from commit dda31b831d4ff7c30742d1e22ec183ef2414179b)
---

diff --git a/src/client/Client.cc b/src/client/Client.cc
index 4d74058b9d8b..1e5d43f08f38 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -10723,18 +10723,13 @@ int64_t Client::_write(Fh *f, int64_t offset, uint64_t size, const char *buf,
   if (r < 0)
     return r;
 
-  /* clear the setuid/setgid bits, if any */
-  if (unlikely(in->mode & (S_ISUID|S_ISGID)) && size > 0) {
-    struct ceph_statx stx = { 0 };
-
-    put_cap_ref(in, CEPH_CAP_AUTH_SHARED);
-    r = __setattrx(in, &stx, CEPH_SETATTR_KILL_SGUID, f->actor_perms);
+  put_cap_ref(in, CEPH_CAP_AUTH_SHARED);
+  if (size > 0) {
+    r = clear_suid_sgid(in, f->actor_perms);
     if (r < 0) {
       put_cap_ref(in, CEPH_CAP_FILE_WR);
       return r;
     }
-  } else {
-    put_cap_ref(in, CEPH_CAP_AUTH_SHARED);
   }
 
   if (f->flags & O_DIRECT)