.`enctag` value length is now restricted to 255 characters
Previously, `enctags` could be stored with values longer than 255 characters. However, operations such as `enctag get` only supported displaying values up to 255 characters. If an `enctag` with a longer value was stored, the system returned a general `Unexpected error` output.
With this fix, the system now enforces a maximum `enctag` value length of 255 characters. Only valid `enctags` are accepted and stored, allowing operations such as `enctag get` to display the `enctag` successfully.
Description of problem:
FScrypt enctag on subvolume with 256 chars could be set successfully but returns 'Unexpected error' while get on enctag.
[root@ceph-cephfs-upgrade-ehqlj7-node6 ~]# ceph fs subvolume enctag set cephfs sv1 --enctag sv@1#22222222222222222222222222222222222222222222222222222222222wwwwwwwwwwwwwwwwwwwwwwwwwwwwww_______________sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss5555555555555555555%%%%%%%nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn1
[root@ceph-cephfs-upgrade-ehqlj7-node6 ~]# ceph fs subvolume enctag get cephfs sv1
Unexpected error
[root@ceph-cephfs-upgrade-ehqlj7-node6 ~]# ceph fs subvolume info cephfs sv1
{
"atime": "2025-04-11 07:36:53",
"bytes_pcent": "undefined",
"bytes_quota": "infinite",
"bytes_used": 0,
"case_insensitive": false,
"created_at": "2025-04-11 07:36:53",
"ctime": "2025-04-14 06:17:47",
"data_pool": "cephfs.cephfs.data",
"earmark": "",
"enctag": "",
"features": [
"snapshot-clone",
"snapshot-autoprotect",
"snapshot-retention"
],
"flavor": 2,
"gid": 0,
"mode": 16877,
"mon_addrs": [
"10.0.64.55:6789",
"10.0.66.201:6789",
"10.0.67.91:6789"
],
"mtime": "2025-04-11 07:36:53",
"normalization": "none",
"path": "/volumes/_nogroup/sv1/22e9dfc6-33b3-4cf9-a3f7-6c91598f24d3",
"pool_namespace": "",
"state": "complete",
"type": "subvolume",
"uid": 0
}
Version-Release number of selected component (if applicable):19.2.1-124.el9cp
How reproducible: 5/5
Steps to Reproduce:
1. Create a cephfs subvolume
2. Set a enctag with character length as 256(max chars + 1) in its value
3. Run get enctag set in step2
Actual results: Unexpected error seen on get and enctag set in step2 is reset. subvolume info shows null entry for enctag.
Expected results: enctag set with character count as max_lenght+1 should not be allowed, validation for max length support to be imposed.
Additional info:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: Red Hat Ceph Storage 9.0 Security and Enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2026:1536
Description of problem: FScrypt enctag on subvolume with 256 chars could be set successfully but returns 'Unexpected error' while get on enctag. [root@ceph-cephfs-upgrade-ehqlj7-node6 ~]# ceph fs subvolume enctag set cephfs sv1 --enctag sv@1#22222222222222222222222222222222222222222222222222222222222wwwwwwwwwwwwwwwwwwwwwwwwwwwwww_______________sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss5555555555555555555%%%%%%%nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn1 [root@ceph-cephfs-upgrade-ehqlj7-node6 ~]# ceph fs subvolume enctag get cephfs sv1 Unexpected error [root@ceph-cephfs-upgrade-ehqlj7-node6 ~]# ceph fs subvolume info cephfs sv1 { "atime": "2025-04-11 07:36:53", "bytes_pcent": "undefined", "bytes_quota": "infinite", "bytes_used": 0, "case_insensitive": false, "created_at": "2025-04-11 07:36:53", "ctime": "2025-04-14 06:17:47", "data_pool": "cephfs.cephfs.data", "earmark": "", "enctag": "", "features": [ "snapshot-clone", "snapshot-autoprotect", "snapshot-retention" ], "flavor": 2, "gid": 0, "mode": 16877, "mon_addrs": [ "10.0.64.55:6789", "10.0.66.201:6789", "10.0.67.91:6789" ], "mtime": "2025-04-11 07:36:53", "normalization": "none", "path": "/volumes/_nogroup/sv1/22e9dfc6-33b3-4cf9-a3f7-6c91598f24d3", "pool_namespace": "", "state": "complete", "type": "subvolume", "uid": 0 } Version-Release number of selected component (if applicable):19.2.1-124.el9cp How reproducible: 5/5 Steps to Reproduce: 1. Create a cephfs subvolume 2. Set a enctag with character length as 256(max chars + 1) in its value 3. Run get enctag set in step2 Actual results: Unexpected error seen on get and enctag set in step2 is reset. subvolume info shows null entry for enctag. Expected results: enctag set with character count as max_lenght+1 should not be allowed, validation for max length support to be imposed. Additional info: