Bug 2359598

Summary: [CephFS - FScrypt] Read-Write in locked mode returns "Input/output error" but error similar to "Required key not available" is expected
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: sumr
Component: CephFSAssignee: Igor Golikov <igolikov>
Status: CLOSED ERRATA QA Contact: sumr
Severity: high Docs Contact: Rivka Pollack <rpollack>
Priority: unspecified    
Version: 8.1CC: ceph-eng-bugs, cephqe-warriors, choffman, gfarnum, hyelloji, igolikov, rpollack, tserlin
Target Milestone: ---Flags: hyelloji: needinfo? (igolikov)
Target Release: 8.1   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: ceph-19.2.1-198.el9cp Doc Type: Bug Fix
Doc Text:
.Error mapping now displays specific error message Previously, an incorrect mapping of the error code to the user message resulted in a generic message being displayed. As a result, users did not see the specific details of the error encountered. With this fix, the mapping has been corrected to show an error-specific message, ensuring that users receive detailed feedback for the error.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2025-06-26 12:30:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2351689    

Description sumr 2025-04-14 20:26:31 UTC 
Description of problem:

In ceph-fuse mountpoint, when Read-Write is attempted to encrypted directory in locked mode, error returned is "Input/output error" but error similar to "Required key not available" to be returned.

===========================================================
[root@ceph-cephfs-upgrade-uxsxo5-node6 sv1_fuse]# fscrypt status testdir1
"testdir1" is encrypted with fscrypt.

Policy:   0141a5dceb9d755850a530df152e85d3
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: No

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
beed32b0354e062d  No      custom protector "cephfs"

[root@ceph-cephfs-upgrade-uxsxo5-node6 testdir1]# cp DXgpqHoeuoTX32t4hmV6PxDM75i85XMD8PKcUDtw8Bc messages_1
cp: cannot open 'DXgpqHoeuoTX32t4hmV6PxDM75i85XMD8PKcUDtw8Bc' for reading: Input/output error

[root@ceph-cephfs-upgrade-uxsxo5-node6 testdir1]# cat 2iyouJVENCN6m1zczhZq5jVABGwI+7X8vJ+bYWp6myg 
cat: 2iyouJVENCN6m1zczhZq5jVABGwI+7X8vJ+bYWp6myg: Input/output error
======================================================

Because, in Kernel mountpoint with fscrypt supported kernel(>v6.6) error returned for Read-write in locked mode is as below,

=======================================================

ziJD,cJlDQDAKKkg5bJbsoo5ndx7jgfrDzxDd8nXzZ8]# echo cephfs_test > N8ggccfHSqI9uzAgn1Bklvk2L5+Sl7QEOMgvhi7Q4FA 
-bash: N8ggccfHSqI9uzAgn1Bklvk2L5+Sl7QEOMgvhi7Q4FA: Required key not available

=======================================================

which seems appropriate as we are hinting user that there is need for key for RW ops to be performed on encrypted directory.

But the current error string 'Input/output error' is very generic, neither suggesting the reason for error nor the next action.


Version-Release number of selected component (if applicable):  19.2.1-128.el9cp


How reproducible:


Steps to Reproduce:
1. Setup fscrypt on Rhel9.5 latest using https://github.com/ceph/fscrypt/tree/wip-ceph-fuse
2. Create CephFS subvolume and perform ceph-fuse mount
3. Create empty directory and enable encrypt on dir path
4. Add file and lock the dir. Perform RW ops.

Actual results: 'Input/output error' is generated 


Expected results: Error similar to "Required key not available" is expected as seen in kernel mountpoint for adding more clarity and for next action by user.



Additional info:
Comment 10 errata-xmlrpc 2025-06-26 12:30:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 8.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:9775