client: Cache client_fscrypt_as config value

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

diff --git a/src/client/Client.cc b/src/client/Client.cc
index 910f36fbd36276cd1a8b3eafaa4a2014d9f61cd2..0c01b8702e5a203934a9eb4d002283b67efb281d 100644 (file)
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -436,6 +436,9 @@ Client::Client(Messenger *m, MonClient *mc, Objecter *objecter_)
   respect_subvolume_snapshot_visibility = cct->_conf.get_val<bool>(
     "client_respect_subvolume_snapshot_visibility");
 
+  fscrypt_as = cct->_conf.get_val<bool>(
+    "client_fscrypt_as");
+
   if (cct->_conf->client_acl_type == "posix_acl")
     acl_type = POSIX_ACL;
 
@@ -3980,7 +3983,7 @@ int Client::get_caps(Fh *fh, int need, int want, int *phave, loff_t endoff)
     if ((need & CEPH_CAP_FILE_WR) &&
         ((in->auth_cap && in->auth_cap->session->readonly) ||
         // (is locked)
-        (in->is_fscrypt_enabled() && is_inode_locked(in) && cct->_conf.get_val<bool>("client_fscrypt_as"))))
+        (in->is_fscrypt_enabled() && is_inode_locked(in) && fscrypt_as)))
       return -EROFS;
 
     if (in->flags & I_CAP_DROPPED) {
@@ -6367,7 +6370,7 @@ int Client::may_open(const InodeRef& in, int flags, const UserPerm& perms)
   ldout(cct, 20) << __func__ << " " << *in << "; " << perms << dendl;
   unsigned want = 0;
 
-  if (!in->is_dir() && is_inode_locked(in) && cct->_conf.get_val<bool>("client_fscrypt_as"))
+  if (!in->is_dir() && is_inode_locked(in) && fscrypt_as)
     return -ENOKEY;
 
   if ((flags & O_ACCMODE) == O_WRONLY)
@@ -6423,7 +6426,7 @@ out:
 int Client::may_create(const InodeRef& dir, const UserPerm& perms)
 {
   ldout(cct, 20) << __func__ << " " << *dir << "; " << perms << dendl;
-  if (dir->is_dir() && is_inode_locked(dir) && cct->_conf.get_val<bool>("client_fscrypt_as"))
+  if (dir->is_dir() && is_inode_locked(dir) && fscrypt_as)
     return -ENOKEY;
 
   int r = _getattr_for_perm(dir, perms);
@@ -8530,7 +8533,7 @@ int Client::_do_setattr(Inode *in, struct ceph_statx *stx, int mask,
     if (in->is_fscrypt_enabled() && stx_size < in->effective_size() &&
         stx_size % FSCRYPT_BLOCK_SIZE != 0 &&
         (mask & CEPH_SETATTR_FSCRYPT_FILE) && stx_size != 0 &&
-        cct->_conf.get_val<bool>("client_fscrypt_as")) {
+        fscrypt_as) {
       // steps:
       // 1. read last block
 
@@ -16086,7 +16089,7 @@ int Client::_symlink(Inode *dir, const char *name, const char *target,
     req->fscrypt_file = fscrypt_options.fscrypt_file;
 
   auto fscrypt_ctx = fscrypt->init_ctx(req->fscrypt_auth);
-  if (fscrypt_ctx && cct->_conf.get_val<bool>("client_fscrypt_as")) {
+  if (fscrypt_ctx && fscrypt_as) {
     auto fscrypt_denc = fscrypt->get_fname_denc(fscrypt_ctx, nullptr, true);
 
     string enc_target;
@@ -18593,6 +18596,7 @@ std::vector<std::string> Client::get_tracked_keys() const noexcept
     "client_caps_release_delay",
     "client_deleg_break_on_open",
     "client_deleg_timeout",
+    "client_fscrypt_as",
     "client_inject_write_delay_secs",
     "client_mount_timeout",
     "client_oc_max_dirty",
@@ -18664,6 +18668,10 @@ void Client::handle_conf_change(const ConfigProxy& conf,
     respect_subvolume_snapshot_visibility = cct->_conf.get_val<bool>(
       "client_respect_subvolume_snapshot_visibility");
   }
+  if (changed.count("client_fscrypt_as")) {
+    fscrypt_as = cct->_conf.get_val<bool>(
+      "client_fscrypt_as");
+  }
 }
 
 void intrusive_ptr_add_ref(Inode *in)

diff --git a/src/client/Client.h b/src/client/Client.h
index a686170563fa3afc623b60632e0040ede6d4957b..10cca9ce4333d250ccc7c4490004b90b6e5ae70b 100644 (file)
--- a/src/client/Client.h
+++ b/src/client/Client.h
@@ -1013,6 +1013,10 @@ public:
     return fuse_default_permissions;
   }
 
+  bool get_fscrypt_as() const {
+    return fscrypt_as;
+  }
+
   /* timer_lock for 'timer' */
   ceph::mutex timer_lock = ceph::make_mutex("Client::timer_lock");
   SafeTimer timer;
@@ -2321,6 +2325,8 @@ private:
   // trace generation
   std::ofstream traceout;
 
+  bool fscrypt_as;
+
   ceph::condition_variable mount_cond, sync_cond;
 
   std::map<std::pair<int64_t,std::string>, int> pool_perms;

diff --git a/src/client/Inode.cc b/src/client/Inode.cc
index d115c4ebc9fd9da10284c7876e48c436d1ee9ace..0422fd77a0433268fd2502e0bb92c28bdf21fb73 100644 (file)
--- a/src/client/Inode.cc
+++ b/src/client/Inode.cc
@@ -876,7 +876,7 @@ void Inode::gen_inherited_fscrypt_auth(std::vector<uint8_t> *fsa)
 
 uint64_t Inode::effective_size() const
 {
-  if (fscrypt_file.size() < sizeof(uint64_t) || !client->cct->_conf.get_val<bool>("client_fscrypt_as")) {
+  if (fscrypt_file.size() < sizeof(uint64_t) || !client->get_fscrypt_as()) {
     return size;
   }