From a64651d1b4c6074e678a76b9fbe441d8f6c3cd79 Mon Sep 17 00:00:00 2001 From: Christopher Hoffman Date: Tue, 3 Jun 2025 18:12:30 +0000 Subject: [PATCH] client: Cache client_fscrypt_as config value Signed-off-by: Christopher Hoffman --- src/client/Client.cc | 18 +++++++++++++----- src/client/Client.h | 6 ++++++ src/client/Inode.cc | 2 +- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/src/client/Client.cc b/src/client/Client.cc index f1be0c78e98..9f44e238809 100644 --- a/src/client/Client.cc +++ b/src/client/Client.cc @@ -426,6 +426,9 @@ Client::Client(Messenger *m, MonClient *mc, Objecter *objecter_) caps_release_delay = cct->_conf.get_val( "client_caps_release_delay"); + fscrypt_as = cct->_conf.get_val( + "client_fscrypt_as"); + if (cct->_conf->client_acl_type == "posix_acl") acl_type = POSIX_ACL; @@ -3955,7 +3958,7 @@ int Client::get_caps(Fh *fh, int need, int want, int *phave, loff_t endoff) if ((need & CEPH_CAP_FILE_WR) && ((in->auth_cap && in->auth_cap->session->readonly) || // (is locked) - (in->is_fscrypt_enabled() && is_inode_locked(in) && cct->_conf.get_val("client_fscrypt_as")))) + (in->is_fscrypt_enabled() && is_inode_locked(in) && fscrypt_as))) return -EROFS; if (in->flags & I_CAP_DROPPED) { @@ -6330,7 +6333,7 @@ int Client::may_open(const InodeRef& in, int flags, const UserPerm& perms) ldout(cct, 20) << __func__ << " " << *in << "; " << perms << dendl; unsigned want = 0; - if (!in->is_dir() && is_inode_locked(in) && cct->_conf.get_val("client_fscrypt_as")) + if (!in->is_dir() && is_inode_locked(in) && fscrypt_as) return -ENOKEY; if ((flags & O_ACCMODE) == O_WRONLY) @@ -6386,7 +6389,7 @@ out: int Client::may_create(const InodeRef& dir, const UserPerm& perms) { ldout(cct, 20) << __func__ << " " << *dir << "; " << perms << dendl; - if (dir->is_dir() && is_inode_locked(dir) && cct->_conf.get_val("client_fscrypt_as")) + if (dir->is_dir() && is_inode_locked(dir) && fscrypt_as) return -ENOKEY; int r = _getattr_for_perm(dir, perms); @@ -8467,7 +8470,7 @@ int Client::_do_setattr(Inode *in, struct ceph_statx *stx, int mask, if (in->is_fscrypt_enabled() && stx_size < in->effective_size() && stx_size % FSCRYPT_BLOCK_SIZE != 0 && (mask & CEPH_SETATTR_FSCRYPT_FILE) && stx_size != 0 && - cct->_conf.get_val("client_fscrypt_as")) { + fscrypt_as) { // steps: // 1. read last block @@ -15969,7 +15972,7 @@ int Client::_symlink(Inode *dir, const char *name, const char *target, req->fscrypt_file = fscrypt_options.fscrypt_file; auto fscrypt_ctx = fscrypt->init_ctx(req->fscrypt_auth); - if (fscrypt_ctx && cct->_conf.get_val("client_fscrypt_as")) { + if (fscrypt_ctx && fscrypt_as) { auto fscrypt_denc = fscrypt->get_fname_denc(fscrypt_ctx, nullptr, true); string enc_target; @@ -18475,6 +18478,7 @@ std::vector Client::get_tracked_keys() const noexcept "client_caps_release_delay", "client_deleg_break_on_open", "client_deleg_timeout", + "client_fscrypt_as", "client_mount_timeout", "client_oc_max_dirty", "client_oc_max_dirty_age", @@ -18536,6 +18540,10 @@ void Client::handle_conf_change(const ConfigProxy& conf, mount_timeout = cct->_conf.get_val( "client_mount_timeout"); } + if (changed.count("client_fscrypt_as")) { + fscrypt_as = cct->_conf.get_val( + "client_fscrypt_as"); + } } void intrusive_ptr_add_ref(Inode *in) diff --git a/src/client/Client.h b/src/client/Client.h index 42cb12aaaba..3b86078f179 100644 --- a/src/client/Client.h +++ b/src/client/Client.h @@ -974,6 +974,10 @@ public: return fuse_default_permissions; } + bool get_fscrypt_as() const { + return fscrypt_as; + } + /* timer_lock for 'timer' */ ceph::mutex timer_lock = ceph::make_mutex("Client::timer_lock"); SafeTimer timer; @@ -2269,6 +2273,8 @@ private: // trace generation std::ofstream traceout; + bool fscrypt_as; + ceph::condition_variable mount_cond, sync_cond; std::map, int> pool_perms; diff --git a/src/client/Inode.cc b/src/client/Inode.cc index fd970589137..4f218712eae 100644 --- a/src/client/Inode.cc +++ b/src/client/Inode.cc @@ -861,7 +861,7 @@ void Inode::gen_inherited_fscrypt_auth(std::vector *fsa) uint64_t Inode::effective_size() const { - if (fscrypt_file.size() < sizeof(uint64_t) || !client->cct->_conf.get_val("client_fscrypt_as")) { + if (fscrypt_file.size() < sizeof(uint64_t) || !client->get_fscrypt_as()) { return size; } -- 2.39.5