Description of problem: In ceph-fuse mountpoint, when Read-Write is attempted to encrypted directory in locked mode, error returned is "Input/output error" but error similar to "Required key not available" to be returned. =========================================================== [root@ceph-cephfs-upgrade-uxsxo5-node6 sv1_fuse]# fscrypt status testdir1 "testdir1" is encrypted with fscrypt. Policy: 0141a5dceb9d755850a530df152e85d3 Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 Unlocked: No Protected with 1 protector: PROTECTOR LINKED DESCRIPTION beed32b0354e062d No custom protector "cephfs" [root@ceph-cephfs-upgrade-uxsxo5-node6 testdir1]# cp DXgpqHoeuoTX32t4hmV6PxDM75i85XMD8PKcUDtw8Bc messages_1 cp: cannot open 'DXgpqHoeuoTX32t4hmV6PxDM75i85XMD8PKcUDtw8Bc' for reading: Input/output error [root@ceph-cephfs-upgrade-uxsxo5-node6 testdir1]# cat 2iyouJVENCN6m1zczhZq5jVABGwI+7X8vJ+bYWp6myg cat: 2iyouJVENCN6m1zczhZq5jVABGwI+7X8vJ+bYWp6myg: Input/output error ====================================================== Because, in Kernel mountpoint with fscrypt supported kernel(>v6.6) error returned for Read-write in locked mode is as below, ======================================================= ziJD,cJlDQDAKKkg5bJbsoo5ndx7jgfrDzxDd8nXzZ8]# echo cephfs_test > N8ggccfHSqI9uzAgn1Bklvk2L5+Sl7QEOMgvhi7Q4FA -bash: N8ggccfHSqI9uzAgn1Bklvk2L5+Sl7QEOMgvhi7Q4FA: Required key not available ======================================================= which seems appropriate as we are hinting user that there is need for key for RW ops to be performed on encrypted directory. But the current error string 'Input/output error' is very generic, neither suggesting the reason for error nor the next action. Version-Release number of selected component (if applicable): 19.2.1-128.el9cp How reproducible: Steps to Reproduce: 1. Setup fscrypt on Rhel9.5 latest using https://github.com/ceph/fscrypt/tree/wip-ceph-fuse 2. Create CephFS subvolume and perform ceph-fuse mount 3. Create empty directory and enable encrypt on dir path 4. Add file and lock the dir. Perform RW ops. Actual results: 'Input/output error' is generated Expected results: Error similar to "Required key not available" is expected as seen in kernel mountpoint for adding more clarity and for next action by user. Additional info:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Red Hat Ceph Storage 8.1 security, bug fix, and enhancement updates), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2025:9775