-
Notifications
You must be signed in to change notification settings - Fork 62
/
Changelog
228 lines (159 loc) · 8.84 KB
/
Changelog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
since v3:
* Drop KDBUS_FLAG_KERNEL and the 'kernel_flags' member from all
struct kdbus_cmd_*, and introduce a new KDBUS_FLAGS_NEGOTIATE
instead. Requested by Michael Kerrisk.
* Transform kdbus.txt into DocBook man-pages for better readablity,
and extend the documentation significantly. Requested by Michael
Kerrisk and Christoph Hellwig.
* Add a walk-through example for using the low-level ioctl API from
userspace.
* Consolidate some 'struct kdbus_cmd_*' types to make the API
interface easier to grasp.
* Drop 'struct kdbus_item_list'. The information stored in this
struct was redundant as all ioctls report the returned size
in the command struct already.
* KDBUS_CMD_NAME_ACQUIRE now returns the KDBUS_NAME_IN_QUEUE flag
in cmd->return_flags rather than modifying cmd->flags.
* Get rid of the need for a 2nd pool slice at install time. This
avoids pool fragmentation, message memory footprint and complexity.
* Separate flags from attach_flags in struct kdbus_cmd_info.
* Fix handling of messages with file descriptors with regard to
monitor connections that don't accept file descriptors.
* Revisited and reimplemented the quota logic. 50% are now always
kept reserved for the connection to receive notification etc,
and the rest is accounted per remote peer to avoid denial of
service attacks.
* Make use of new functions introduced with 4.0-rc1
(vfs_iter_write(), {kstrdup,kfree}_const())
* Some internal restructuring and cleanups.
since v2:
* Add FS_USERNS_MOUNT to the file system flags, so users can mount
their own kdbusfs instances without being root in the parent
user-ns. Spotted by Andy Lutomirski.
* Rewrite major parts of the metadata implementation to allow for
per-recipient namespace translations. For this, namespaces are
now not pinned by domains anymore. Instead, metadata is recorded
in kernel scope, and exported into the currently active namespaces
at the time of message installing.
* Split PID and TID from KDBUS_ITEM_CREDS into KDBUS_ITEM_PIDS.
The starttime is there to detect re-used PIDs, so move it to that
new item type as well. Consequently, introduce struct kdbus_pids
to accommodate the information. Requested by Andy Lutomirski.
* Add {e,s,fs}{u,g}id to KDBUS_ITEM_CREDS, so users have a way to
get more fine-grained credential information.
* Removed KDBUS_CMD_CANCEL. The interface was not usable from
threaded userspace implementation due to inherent races. Instead,
add an item type CANCEL_FD which can be used to pass a file
descriptor to the CMD_SEND ioctl. When the SEND is done
synchronously, it will get cancelled as soon as the passed
FD signals POLLIN.
* Dropped startttime from KDBUS_ITEM_PIDS
* Restrict names of custom endpoints to names with a "<uid>-" prefix,
just like we do for buses.
* Provide module-parameter "kdbus.attach_flags_mask" to specify the
a mask of metadata items that is applied on all exported items.
* Monitors are now entirely invisible (IOW, there won't be any
notification when they are created) and they don't need to install
filters for broadcast messages anymore.
* All information exposed via a connection's pool now also reports
the length in addition to the offset. That way, userspace
applications can mmap() only parts of the pool on demand.
* Due to the metadata rework, KDBUS_ITEM_PAYLOAD_OFF items now
describe the offset relative to the pool, where they used to be
relative to the message header.
* Added return_flags bitmask to all kdbus_cmd_* structs, so the
kernel can report details of the command processing. This is
mostly reserved for future extensions.
* Some fixes in kdbus.txt and tests, spotted by Harald Hoyer, Andy
Lutomirski, Michele Curti, Sergei Zviagintsev, Sheng Yong, Torstein
Husebø and Hristo Venev.
* Fixed compiler warnings in test-message by Michele Curti
* Unexpected items are now rejected with -EINVAL
* Split signal and broadcast handling. Unicast signals are now
supported, and messages have a new KDBUS_MSG_SIGNAL flag.
* KDBUS_CMD_MSG_SEND was renamed to KDBUS_CMD_SEND, and now takes
a struct kdbus_cmd_send instead of a kdbus_msg.
* KDBUS_CMD_MSG_RECV was renamed to KDBUS_CMD_RECV.
* Test case memory leak plugged, and various other cleanups and
fixes, by Rui Miguel Silva.
* Build fix for s390
* Test case fix for 32bit archs
* The test framework now supports mount, pid and user namespaces.
* The test framework learned a --tap command line parameter to
format its output in the "Test Anything Protocol". This format
is chosen by default when "make kselftest" is invoked.
* Fixed buses and custom endpoints name validation, reported by
Andy Lutomirski.
* copy_from_user() return code issue fixed, reported by
Dan Carpenter.
* Avoid signed int overflow on archs without atomic_sub
* Avoid variable size stack items. Fixes a sparse warning in queue.c.
* New test case for kernel notification quota
* Switched back to enums for the list of ioctls. This has advantages
for userspace code as gdb, for instance, is able to resolve the
numbers into names. Added features can easily be detected with
autotools, and new iotcls can get #defines as well. Having #defines
for the initial set of ioctls is uncecessary.
since RFC v1:
* Most notably, kdbus exposes its control files, buses and endpoints
via an own file system now, called kdbusfs.
* Each time a file system of this type is mounted, a new kdbus
domain is created.
* By default, kdbus is expected to be mounted in /sys/fs/kdbus
* The layout inside each mount point is the same as before, except
that domains are not hierarchically nested anymore.
* Domains are therefore also unnamed now.
* Unmounting a kdbusfs will automatically also detroy the
associated domain.
* Hence, the action of creating a kdbus domain is now as
privileged as mounting a file system.
* This way, we can get around creating dev nodes for everything,
which is last but not least something that is not limited by
20-bit minor numbers.
* Rework the metadata attachment logic to address concerns raised by
Andy Lutomirsky and Alan Cox:
* Split the attach_flags in kdbus_cmd_hello into two parts,
attach_flags_send and attach_flags_recv. Also, split the
existing KDBUS_ITEM_ATTACH_FLAGS into
KDBUS_ITEM_ATTACH_FLAGS_SEND and KDBUS_ITEM_ATTACH_FLAGS_RECV,
and allow updating both connection details through
KDBUS_CMD_CONN_UPDATE.
* Only attach metadata to the final message in the receiver's pool
if both the sender's attach_flags_send and the receiver's
attach_flags_recv bit are set.
* Add an optional metadata mask to the bus during its creation, so
bus owners can denote their minimal requirements of metadata to
be attached by connections of the bus.
* Namespaces are now pinned by a domain at its creation time, and
metadata items are automatically translated into these namespaces.
Unless that cannot be done (currently only capabilities), in which
case the items are dropped. For hide_pid enabled domains, drop all
items except for such not revealing anything about the task.
* Capabilities are now only checked at open() time, and the
information is cached for the lifetime of a file descriptor.
Reported by Eric W. Biederman, Andy Lutomirski and Thomas Gleixner.
* Make functions that create new objects return the newly allocated
memory directly, rather than in a referenced function arguments.
That implies using ERR_PTR/PTR_ERR logic in many areas. Requested by
Al Viro.
* Rename two details in kdbus.h to not overload the term 'name' too
much:
KDBUS_ITEM_CONN_NAME → KDBUS_ITEM_CONN_DESCRIPTION
KDBUS_ATTACH_CONN_NAME → KDBUS_ATTACH_CONN_DESCRIPTION
* Documentation fixes, by Peter Meerwald and others.
* Some memory leaks plugged, and another match test added, by
Rui Miguel Silva
* Per-user message count quota logic fixed, and new test added.
By John de la Garza.
* More test code for CONN_INFO ioctl
* Added a kdbus_node object embedded by domains, endpoints and buses
to track children in a generic way. A kdbus_node is always exposed
as inode in kdbusfs.
* Add a new attach flags constant called _KDBUS_ATTACH_ANY (~0)
which automatically degrades to _KDBUS_ATTACH_ALL in the kernel.
That way, old clients can opt-in for whethever newer kernels might
offer to send.
* Use #defines rather than an enum for the ioctl signatures, so when
new ones are added, usespace can use #ifdeffery to determine the
function set at compile time. Suggested by Arnd Bergmann.
* Moved the driver to ipc/kdbus, as suggested by Arnd Bergmann.