since v2: * Add FS_USERNS_MOUNT to the file system flags, so users can mount their own kdbusfs instances without being root in the parent user-ns. Spotted by Andy Lutomirski. * Rewrite major parts of the metadata implementation to allow for per-recipient namespace translations. For this, namespaces are now not pinned by domains anymore. Instead, metadata is recorded in kernel scope, and exported into the currently active namespaces at the time of message installing. * Split PID and TID from KDBUS_ITEM_CREDS into KDBUS_ITEM_PIDS. The starttime is there to detect re-used PIDs, so move it to that new item type as well. Consequently, introduce struct kdbus_pids to accommodate the information. Requested by Andy Lutomirski. * Add {e,s,fs}{u,g}id to KDBUS_ITEM_CREDS, so users have a way to get more fine-grained credential information. * Removed KDBUS_CMD_CANCEL. The interface was not usable from threaded userspace implementation due to inherent races. Instead, add an item type CANCEL_FD which can be used to pass a file descriptor to the CMD_SEND ioctl. When the SEND is done synchronously, it will get cancelled as soon as the passed FD signals POLLIN. * Dropped startttime from KDBUS_ITEM_PIDS * Restrict names of custom endpoints to names with a "-" prefix, just like we do for buses. * Provide module-parameter "kdbus.attach_flags_mask" to specify the a mask of metadata items that is applied on all exported items. * Monitors are now entirely invisible (IOW, there won't be any notification when they are created) and they don't need to install filters for broadcast messages anymore. * All information exposed via a connection's pool now also reports the length in addition to the offset. That way, userspace applications can mmap() only parts of the pool on demand. * Due to the metadata rework, KDBUS_ITEM_PAYLOAD_OFF items now describe the offset relative to the pool, where they used to be relative to the message header. * Added return_flags bitmask to all kdbus_cmd_* structs, so the kernel can report details of the command processing. This is mostly reserved for future extensions. * Some fixes in kdbus.txt and tests, spotted by Harald Hoyer, Andy Lutomirski, Michele Curti, Sergei Zviagintsev, Sheng Yong, Torstein Husebø and Hristo Venev. * Fixed compiler warnings in test-message by Michele Curti * Unexpected items are now rejected with -EINVAL * Split signal and broadcast handling. Unicast signals are now supported, and messages have a new KDBUS_MSG_SIGNAL flag. * KDBUS_CMD_MSG_SEND was renamed to KDBUS_CMD_SEND, and now takes a struct kdbus_cmd_send instead of a kdbus_msg. * KDBUS_CMD_MSG_RECV was renamed to KDBUS_CMD_RECV. * Test case memory leak plugged, and various other cleanups and fixes, by Rui Miguel Silva. * Build fix for s390 * Test case fix for 32bit archs * Fixed buses and custom endpoints name validation, reported by Andy Lutomirski. * copy_from_user() return code issue fixed, reported by Dan Carpenter. * Avoid signed int overflow on archs without atomic_sub * Avoid variable size stack items. Fixes a sparse warning in queue.c. * New test case for kernel notification quota * Switched back to enums for the list of ioctls. This has advantages for userspace code as gdb, for instance, is able to resolve the numbers into names. Added features can easily be detected with autotools, and new iotcls can get #defines as well. Having #defines for the initial set of ioctls is uncecessary. since RFC v1: * Most notably, kdbus exposes its control files, buses and endpoints via an own file system now, called kdbusfs. * Each time a file system of this type is mounted, a new kdbus domain is created. * By default, kdbus is expected to be mounted in /sys/fs/kdbus * The layout inside each mount point is the same as before, except that domains are not hierarchically nested anymore. * Domains are therefore also unnamed now. * Unmounting a kdbusfs will automatically also detroy the associated domain. * Hence, the action of creating a kdbus domain is now as privileged as mounting a file system. * This way, we can get around creating dev nodes for everything, which is last but not least something that is not limited by 20-bit minor numbers. * Rework the metadata attachment logic to address concerns raised by Andy Lutomirsky and Alan Cox: * Split the attach_flags in kdbus_cmd_hello into two parts, attach_flags_send and attach_flags_recv. Also, split the existing KDBUS_ITEM_ATTACH_FLAGS into KDBUS_ITEM_ATTACH_FLAGS_SEND and KDBUS_ITEM_ATTACH_FLAGS_RECV, and allow updating both connection details through KDBUS_CMD_CONN_UPDATE. * Only attach metadata to the final message in the receiver's pool if both the sender's attach_flags_send and the receiver's attach_flags_recv bit are set. * Add an optional metadata mask to the bus during its creation, so bus owners can denote their minimal requirements of metadata to be attached by connections of the bus. * Namespaces are now pinned by a domain at its creation time, and metadata items are automatically translated into these namespaces. Unless that cannot be done (currently only capabilities), in which case the items are dropped. For hide_pid enabled domains, drop all items except for such not revealing anything about the task. * Capabilities are now only checked at open() time, and the information is cached for the lifetime of a file descriptor. Reported by Eric W. Biederman, Andy Lutomirski and Thomas Gleixner. * Make functions that create new objects return the newly allocated memory directly, rather than in a referenced function arguments. That implies using ERR_PTR/PTR_ERR logic in many areas. Requested by Al Viro. * Rename two details in kdbus.h to not overload the term 'name' too much: KDBUS_ITEM_CONN_NAME → KDBUS_ITEM_CONN_DESCRIPTION KDBUS_ATTACH_CONN_NAME → KDBUS_ATTACH_CONN_DESCRIPTION * Documentation fixes, by Peter Meerwald and others. * Some memory leaks plugged, and another match test added, by Rui Miguel Silva * Per-user message count quota logic fixed, and new test added. By John de la Garza. * More test code for CONN_INFO ioctl * Added a kdbus_node object embedded by domains, endpoints and buses to track children in a generic way. A kdbus_node is always exposed as inode in kdbusfs. * Add a new attach flags constant called _KDBUS_ATTACH_ANY (~0) which automatically degrades to _KDBUS_ATTACH_ALL in the kernel. That way, old clients can opt-in for whethever newer kernels might offer to send. * Use #defines rather than an enum for the ioctl signatures, so when new ones are added, usespace can use #ifdeffery to determine the function set at compile time. Suggested by Arnd Bergmann. * Moved the driver to ipc/kdbus, as suggested by Arnd Bergmann.