From c79b57abf1ee7e558a9fd111d1b024bb226ec3d4 Mon Sep 17 00:00:00 2001 From: Patrick Donnelly Date: Thu, 14 Nov 2024 12:39:00 -0500 Subject: [PATCH] client: cache client_permissions config Signed-off-by: Patrick Donnelly Fixes: https://tracker.ceph.com/issues/66373 (cherry picked from commit d27eb1aab68b2cd5345dfca58d3384ea4d9e3ffc) --- src/client/Client.cc | 49 +++++++++++++++------------ src/client/Client.h | 2 ++ src/common/options/mds-client.yaml.in | 3 +- 3 files changed, 31 insertions(+), 23 deletions(-) diff --git a/src/client/Client.cc b/src/client/Client.cc index f457db4c39a..c6774006d8a 100644 --- a/src/client/Client.cc +++ b/src/client/Client.cc @@ -377,6 +377,7 @@ Client::Client(Messenger *m, MonClient *mc, Objecter *objecter_) user_id = cct->_conf->client_mount_uid; group_id = cct->_conf->client_mount_gid; + client_permissions = cct->_conf.get_val("client_permissions"); fuse_default_permissions = cct->_conf.get_val( "fuse_default_permissions"); @@ -6202,7 +6203,7 @@ int Client::may_delete(const char *relpath, const UserPerm& perms) { int r = path_walk(path, &dir, perms); if (r < 0) return r; - if (cct->_conf->client_permissions) { + if (client_permissions) { int r = may_delete(dir.get(), name.c_str(), perms); if (r < 0) return r; @@ -7519,7 +7520,7 @@ int Client::path_walk(const filepath& origpath, walk_dentry_result* result, cons ldout(cct, 10) << " " << i << " " << *cur << " " << dname << dendl; ldout(cct, 20) << " (path is " << path << ")" << dendl; InodeRef next; - if (cct->_conf->client_permissions) { + if (client_permissions) { int r = may_lookup(cur.get(), perms); if (r < 0) return r; @@ -7613,7 +7614,7 @@ int Client::link(const char *relexisting, const char *relpath, const UserPerm& p r = path_walk(path, &dir, perm, true); if (r < 0) return r; - if (cct->_conf->client_permissions) { + if (client_permissions) { if (S_ISDIR(in->mode)) { r = -EPERM; return r; 
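Review bot: The check in `Client::may_delete(const char *relpath, ...)` now reads a plain `bool` member that `handle_conf_change` rewrites under `client_lock`, so the read is only race-free if this path holds the same lock. The hunk does not show the lock being taken, and the function starts and ends outside it. The same applies to every other converted `if (client_permissions)` in this patch: only the `mkdirs` hunk shows `std::scoped_lock lock(client_lock)` in its context, and the `InodeRef` overloads of `_getxattr`, `_setxattr` and `_removexattr` depend on what their callers hold. Because this flag decides whether the client-side `may_*` checks run at all, the invariant should be written on the member in Client.h, for example `// cached "client_permissions" option; read and written only under client_lock`.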
@@ -7667,7 +7668,7 @@ int Client::unlinkat(int dirfd, const char *relpath, int flags, const UserPerm& if (r < 0) { return r; } - if (cct->_conf->client_permissions) { + if (client_permissions) { r = may_delete(dir.get(), name.c_str(), perm); if (r < 0) { return r; @@ -7711,7 +7712,7 @@ int Client::rename(const char *relfrom, const char *relto, const UserPerm& perm, if (r < 0) goto out; - if (cct->_conf->client_permissions) { + if (client_permissions) { int r = may_delete(fromdir.get(), fromname.c_str(), perm); if (r < 0) return r; @@ -7765,7 +7766,7 @@ int Client::mkdirat(int dirfd, const char *relpath, mode_t mode, const UserPerm& if (r < 0) { return r; } - if (cct->_conf->client_permissions) { + if (client_permissions) { r = may_create(dir.get(), perm); if (r < 0) { return r; @@ -7794,7 +7795,7 @@ int Client::mkdirs(const char *relpath, mode_t mode, const UserPerm& perms) std::scoped_lock lock(client_lock); cur = cwd; for (i=0; i_conf->client_permissions) { + if (client_permissions) { r = may_lookup(cur.get(), perms); if (r < 0) break; @@ -7809,7 +7810,7 @@ int Client::mkdirs(const char *relpath, mode_t mode, const UserPerm& perms) ldout(cct, 20) << __func__ << " got through " << i << " directories on path " << relpath << dendl; //make new directory at each level for (; i_conf->client_permissions) { + if (client_permissions) { r = may_create(cur.get(), perms); if (r < 0) return r; @@ -7859,7 +7860,7 @@ int Client::mknod(const char *relpath, mode_t mode, const UserPerm& perms, dev_t int r = path_walk(path, &dir, perms); if (r < 0) return r; - if (cct->_conf->client_permissions) { + if (client_permissions) { int r = may_create(dir.get(), perms); if (r < 0) return r; @@ -7907,7 +7908,7 @@ int Client::symlinkat(const char *target, int dirfd, const char *relpath, const if (r < 0) { return r; } - if (cct->_conf->client_permissions) { + if (client_permissions) { int r = may_create(dir.get(), perms); if (r < 0) { return r; 
@@ -8394,7 +8395,7 @@ int Client::_setattrx(InodeRef &in, struct ceph_statx *stx, int mask, CEPH_SETATTR_GID | CEPH_SETATTR_MTIME | CEPH_SETATTR_ATIME | CEPH_SETATTR_SIZE | CEPH_SETATTR_CTIME | CEPH_SETATTR_BTIME); - if (cct->_conf->client_permissions) { + if (client_permissions) { int r = may_setattr(in.get(), stx, mask, perms); if (r < 0) return r; @@ -9112,7 +9113,7 @@ int Client::opendir(const char *relpath, dir_result_t **dirpp, const UserPerm& p int r = path_walk(path, &in, perms, true); if (r < 0) return r; - if (cct->_conf->client_permissions) { + if (client_permissions) { int r = may_open(in.get(), O_RDONLY, perms); if (r < 0) return r; @@ -9140,7 +9141,7 @@ int Client::fdopendir(int dirfd, dir_result_t **dirpp, const UserPerm &perms) { return r; } - if (cct->_conf->client_permissions) { + if (client_permissions) { r = may_open(dirinode.get(), O_RDONLY, perms); if (r < 0) { return r; @@ -10034,11 +10035,11 @@ int Client::create_and_open(int dirfd, const char *relpath, int flags, dirpath.pop_dentry(); InodeRef dir; r = path_walk(dirpath, &dir, perms, true, - cct->_conf->client_permissions ? CEPH_CAP_AUTH_SHARED : 0, dirinode); + client_permissions ? CEPH_CAP_AUTH_SHARED : 0, dirinode); if (r < 0) { goto out; } - if (cct->_conf->client_permissions) { + if (client_permissions) { r = may_create(dir.get(), perms); if (r < 0) goto out; @@ -10052,7 +10053,7 @@ int Client::create_and_open(int dirfd, const char *relpath, int flags, if (!created) { // posix says we can only check permissions of existing files - if (cct->_conf->client_permissions) { + if (client_permissions) { r = may_open(in.get(), flags, perms); if (r < 0) goto out; @@ -12976,7 +12977,7 @@ int Client::mksnap(const char *relpath, const char *name, const UserPerm& perm, int r = path_walk(path, &in, perm); if (r < 0) return r; - if (cct->_conf->client_permissions) { + if (client_permissions) { r = may_create(in.get(), perm); if (r < 0) return r; 
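Review bot: `Client::create_and_open` consults `client_permissions` three times within one operation: for the `path_walk` cap mask, before `may_create`, and before `may_open`. If `client_lock` can be released between those points (not visible in this hunk), a runtime change could land in between. The walk would then have skipped `CEPH_CAP_AUTH_SHARED` while the later `may_create` or `may_open` still runs, presumably against attributes obtained without that cap. Taking one snapshot at the top, `const bool enforce_perms = client_permissions;`, and using it for all three decisions keeps a single open consistent. The function body starts and ends outside the hunk.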
@@ -12999,7 +13000,7 @@ int Client::rmsnap(const char *relpath, const char *name, const UserPerm& perms, if (r < 0) return r; Inode *snapdir = open_snapdir(in.get()); - if (cct->_conf->client_permissions) { + if (client_permissions) { r = may_delete(snapdir, check_perms ? name : NULL, perms); if (r < 0) return r; @@ -13810,7 +13811,7 @@ int Client::_getxattr(Inode *in, const char *name, void *value, size_t size, int Client::_getxattr(InodeRef &in, const char *name, void *value, size_t size, const UserPerm& perms) { - if (cct->_conf->client_permissions) { + if (client_permissions) { int r = xattr_permission(in.get(), name, CLIENT_MAY_READ, perms); if (r < 0) return r; @@ -14019,7 +14020,7 @@ int Client::_setxattr(Inode *in, const char *name, const void *value, int Client::_setxattr(InodeRef &in, const char *name, const void *value, size_t size, int flags, const UserPerm& perms) { - if (cct->_conf->client_permissions) { + if (client_permissions) { int r = xattr_permission(in.get(), name, CLIENT_MAY_WRITE, perms); if (r < 0) return r; @@ -14155,7 +14156,7 @@ int Client::_removexattr(Inode *in, const char *name, const UserPerm& perms) int Client::_removexattr(InodeRef &in, const char *name, const UserPerm& perms) { - if (cct->_conf->client_permissions) { + if (client_permissions) { int r = xattr_permission(in.get(), name, CLIENT_MAY_WRITE, perms); if (r < 0) return r; @@ -17342,7 +17343,8 @@ const char** Client::get_tracked_conf_keys() const "client_oc_max_dirty_age", \ "client_oc_max_objects", \ "client_oc_size", \ - "client_oc_target_dirty" \ + "client_oc_target_dirty", \ + "client_permissions" \ constexpr bool is_sorted = [] () constexpr { constexpr auto arr = std::to_array({KEYS}); 
@@ -17367,6 +17369,9 @@ void Client::handle_conf_change(const ConfigProxy& conf, std::scoped_lock lock(client_lock); + if (changed.count("client_permissions")) { + client_permissions = cct->_conf.get_val("client_permissions"); + } if (changed.count("client_cache_mid")) { lru.lru_set_midpoint(cct->_conf->client_cache_mid); } diff --git a/src/client/Client.h b/src/client/Client.h index 92bd6ab133f..5b575b9c8a1 100644 --- a/src/client/Client.h +++ b/src/client/Client.h @@ -1939,6 +1939,8 @@ private: std::vector cap_auths; feature_bitset_t myfeatures; + + bool client_permissions; }; /** diff --git a/src/common/options/mds-client.yaml.in b/src/common/options/mds-client.yaml.in index 28912cdb129..ea7ad398533 100644 --- a/src/common/options/mds-client.yaml.in +++ b/src/common/options/mds-client.yaml.in @@ -312,7 +312,8 @@ options: default: true services: - mds_client - with_legacy: true + flags: + - runtime - name: client_dirsize_rbytes type: bool level: advanced -- 2.39.5
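Review bot: The new branch in `Client::handle_conf_change` applies a change to `client_permissions` silently, although that flip turns every client-side `may_*` and `xattr_permission` check touched by this patch on or off for a live mount. A log line right after the assignment would record when enforcement changed, e.g. `ldout(cct, 1) << "client_permissions now " << client_permissions << dendl;`. The value could also be read from the `conf` argument the handler receives instead of `cct->_conf`, though the neighbouring `client_cache_mid` branch uses `cct->_conf` as well. The function continues outside the hunk.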
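Review bot: In Client.h, `bool client_permissions;` is declared without an initializer and only gets a value in the constructor body, so any read before that assignment sees an indeterminate value. A default member initializer makes the flag fail closed: `bool client_permissions = true;`. The `default: true` visible in the mds-client.yaml.in context appears to belong to this option, so the initializer would match it. A short comment on the member naming the option it caches would also help, since the member and the option share a name.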