since v3:

  * Drop KDBUS_FLAG_KERNEL and the 'kernel_flags' member from all
    struct kdbus_cmd_*, and introduce a new KDBUS_FLAGS_NEGOTIATE
    instead. Requested by Michael Kerrisk.

  * Transform kdbus.txt into DocBook man-pages for better readablity,
    and extend the documentation significantly. Requested by Michael
    Kerrisk and Christoph Hellwig.

  * Add a walk-through example for using the low-level ioctl API from
    userspace.

  * Consolidate some 'struct kdbus_cmd_*' types to make the API
    interface easier to grasp.

  * Drop 'struct kdbus_item_list'. The information stored in this
    struct was redundant as all ioctls report the returned size
    in the command struct already.

  * KDBUS_CMD_NAME_ACQUIRE now returns the KDBUS_NAME_IN_QUEUE flag
    in cmd->return_flags rather than modifying cmd->flags.

  * Get rid of the need for a 2nd pool slice at install time. This
    avoids pool fragmentation, message memory footprint and complexity.

  * Separate flags from attach_flags in struct kdbus_cmd_info.

  * Fix handling of messages with file descriptors with regard to
    monitor connections that don't accept file descriptors.

  * Revisited and reimplemented the quota logic. 50% are now always
    kept reserved for the connection to receive notification etc,
    and the rest is accounted per remote peer to avoid denial of
    service attacks.

  * Make use of new functions introduced with 4.0-rc1
    (vfs_iter_write(), {kstrdup,kfree}_const())

  * Some internal restructuring and cleanups.

since v2:

  * Add FS_USERNS_MOUNT to the file system flags, so users can mount
    their own kdbusfs instances without being root in the parent
    user-ns. Spotted by Andy Lutomirski.

  * Rewrite major parts of the metadata implementation to allow for
    per-recipient namespace translations. For this, namespaces are
    now not pinned by domains anymore. Instead, metadata is recorded
    in kernel scope, and exported into the currently active namespaces
    at the time of message installing.

  * Split PID and TID from KDBUS_ITEM_CREDS into KDBUS_ITEM_PIDS.
    The starttime is there to detect re-used PIDs, so move it to that
    new item type as well. Consequently, introduce struct kdbus_pids
    to accommodate the information. Requested by Andy Lutomirski.

  * Add {e,s,fs}{u,g}id to KDBUS_ITEM_CREDS, so users have a way to
    get more fine-grained credential information.

  * Removed KDBUS_CMD_CANCEL. The interface was not usable from
    threaded userspace implementation due to inherent races. Instead,
    add an item type CANCEL_FD which can be used to pass a file
    descriptor to the CMD_SEND ioctl. When the SEND is done
    synchronously, it will get cancelled as soon as the passed
    FD signals POLLIN.

  * Dropped startttime from KDBUS_ITEM_PIDS

  * Restrict names of custom endpoints to names with a "<uid>-" prefix,
    just like we do for buses.

  * Provide module-parameter "kdbus.attach_flags_mask" to specify the
    a mask of metadata items that is applied on all exported items.

  * Monitors are now entirely invisible (IOW, there won't be any
    notification when they are created) and they don't need to install
    filters for broadcast messages anymore.

  * All information exposed via a connection's pool now also reports
    the length in addition to the offset. That way, userspace
    applications can mmap() only parts of the pool on demand.

  * Due to the metadata rework, KDBUS_ITEM_PAYLOAD_OFF items now
    describe the offset relative to the pool, where they used to be
    relative to the message header.

  * Added return_flags bitmask to all kdbus_cmd_* structs, so the
    kernel can report details of the command processing. This is
    mostly reserved for future extensions.

  * Some fixes in kdbus.txt and tests, spotted by Harald Hoyer, Andy
    Lutomirski, Michele Curti, Sergei Zviagintsev, Sheng Yong, Torstein
    Husebø and Hristo Venev.

  * Fixed compiler warnings in test-message by Michele Curti

  * Unexpected items are now rejected with -EINVAL

  * Split signal and broadcast handling. Unicast signals are now
    supported, and messages have a new KDBUS_MSG_SIGNAL flag.

  * KDBUS_CMD_MSG_SEND was renamed to KDBUS_CMD_SEND, and now takes
    a struct kdbus_cmd_send instead of a kdbus_msg.

  * KDBUS_CMD_MSG_RECV was renamed to KDBUS_CMD_RECV.

  * Test case memory leak plugged, and various other cleanups and
    fixes, by Rui Miguel Silva.

  * Build fix for s390

  * Test case fix for 32bit archs

  * The test framework now supports mount, pid and user namespaces.

  * The test framework learned a --tap command line parameter to
    format its output in the "Test Anything Protocol". This format
    is chosen by default when "make kselftest" is invoked.

  * Fixed buses and custom endpoints name validation, reported by
    Andy Lutomirski.

  * copy_from_user() return code issue fixed, reported by
    Dan Carpenter.

  * Avoid signed int overflow on archs without atomic_sub

  * Avoid variable size stack items. Fixes a sparse warning in queue.c.

  * New test case for kernel notification quota

  * Switched back to enums for the list of ioctls. This has advantages
    for userspace code as gdb, for instance, is able to resolve the
    numbers into names. Added features can easily be detected with
    autotools, and new iotcls can get #defines as well. Having #defines
    for the initial set of ioctls is uncecessary.


since RFC v1:

  * Most notably, kdbus exposes its control files, buses and endpoints
    via an own file system now, called kdbusfs.

     * Each time a file system of this type is mounted, a new kdbus
       domain is created.

     * By default, kdbus is expected to be mounted in /sys/fs/kdbus
       
     * The layout inside each mount point is the same as before, except
       that domains are not hierarchically nested anymore.

     * Domains are therefore also unnamed now.

     * Unmounting a kdbusfs will automatically also detroy the
       associated domain.

     * Hence, the action of creating a kdbus domain is now as
       privileged as mounting a file system.

     * This way, we can get around creating dev nodes for everything,
       which is last but not least something that is not limited by
       20-bit minor numbers.

  * Rework the metadata attachment logic to address concerns raised by
    Andy Lutomirsky and Alan Cox:

     * Split the attach_flags in kdbus_cmd_hello into two parts,
       attach_flags_send and attach_flags_recv. Also, split the
       existing KDBUS_ITEM_ATTACH_FLAGS into
       KDBUS_ITEM_ATTACH_FLAGS_SEND and KDBUS_ITEM_ATTACH_FLAGS_RECV,
       and allow updating both connection details through
       KDBUS_CMD_CONN_UPDATE.
    
     * Only attach metadata to the final message in the receiver's pool
       if both the sender's attach_flags_send and the receiver's
       attach_flags_recv bit are set.
    
     * Add an optional metadata mask to the bus during its creation, so
       bus owners can denote their minimal requirements of metadata to
       be attached by connections of the bus.

  * Namespaces are now pinned by a domain at its creation time, and
    metadata items are automatically translated into these namespaces.
    Unless that cannot be done (currently only capabilities), in which
    case the items are dropped. For hide_pid enabled domains, drop all
    items except for such not revealing anything about the task.

  * Capabilities are now only checked at open() time, and the
    information is cached for the lifetime of a file descriptor.
    Reported by Eric W. Biederman, Andy Lutomirski and Thomas Gleixner.

  * Make functions that create new objects return the newly allocated
    memory directly, rather than in a referenced function arguments.
    That implies using ERR_PTR/PTR_ERR logic in many areas. Requested by
    Al Viro.

  * Rename two details in kdbus.h to not overload the term 'name' too
    much:

     KDBUS_ITEM_CONN_NAME	→ KDBUS_ITEM_CONN_DESCRIPTION
     KDBUS_ATTACH_CONN_NAME	→ KDBUS_ATTACH_CONN_DESCRIPTION

  * Documentation fixes, by Peter Meerwald and others.

  * Some memory leaks plugged, and another match test added, by
    Rui Miguel Silva

  * Per-user message count quota logic fixed, and new test added.
    By John de la Garza.

  * More test code for CONN_INFO ioctl

  * Added a kdbus_node object embedded by domains, endpoints and buses
    to track children in a generic way. A kdbus_node is always exposed
    as inode in kdbusfs.

  * Add a new attach flags constant called _KDBUS_ATTACH_ANY (~0)
    which automatically degrades to _KDBUS_ATTACH_ALL in the kernel.
    That way, old clients can opt-in for whethever newer kernels might
    offer to send.

  * Use #defines rather than an enum for the ioctl signatures, so when
    new ones are added, usespace can use #ifdeffery to determine the
    function set at compile time. Suggested by Arnd Bergmann.

  * Moved the driver to ipc/kdbus, as suggested by Arnd Bergmann.
