To provide better encryption performance, Google engineers are currently adding inline encryption support for fscrypt, a Linux file system encryption management tool. Related developments include the introduction of inline encryption in Linux 5.8 block device queue management blk-mq.
fscrypt is an advanced tool for Linux file system encryption management that manages metadata, key generation, key encapsulation and PAM integration, and provides a unified interface for creating and modifying encrypted directories. The kernel portion of fscrypt is integrated into a file system such as ext4.
blk-mq is Linux’s block device layer multi-queue mechanism, which changes the single queue of the request layer in the Linux kernel storage stack to multi-queue, theoretically improving performance.
If the next blk-mq supports inline encryption, it can pass the encryption context down in the storage stack, as explained in the Current Linux kernel source code commit: we must somehow let the storage device driver know the encryption context that it should use for encryption/decryption requests. The upper echelons( such as file system/fscrypt) know what’s going on and manage the encryption context. Thus, when the upper layer submits the BIO to the block layer, the device driver that the BIO eventually arrives to support inline encryption, then the device driver already indicates the encryption context of the BIO.
The specific change on the code is to add the struct bio_crypt_ctx to the struct bio to represent the encryption context, while introducing various bio_crypt_ctx for operations and making the bio/request merge function logic aware of the bio_crypt_ctx.