<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/git/next/linux-next.git/net/caif/cffrml.c, branch master</title>
<subtitle>The linux-next integration testing tree</subtitle>
<id>https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/atom?h=master</id>
<link rel='self' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/'/>
<updated>2026-04-23T17:23:44+00:00</updated>
<entry>
<title>caif: remove CAIF NETWORK LAYER</title>
<updated>2026-04-23T17:23:44+00:00</updated>
<author>
<name>Jakub Kicinski</name>
<email>kuba@kernel.org</email>
</author>
<published>2026-04-16T18:28:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=6d5431555de032f5ad9e08a7fb372f37bf493903'/>
<id>urn:sha1:6d5431555de032f5ad9e08a7fb372f37bf493903</id>
<content type='text'>
Remove CAIF (Communication CPU to Application CPU Interface), the
ST-Ericsson modem protocol. The subsystem has been orphaned since 2013.
The last meaningful changes from the maintainers were in March 2013:
  a8c7687bf216 ("caif_virtio: Check that vringh_config is not null")
  b2273be8d2df ("caif_virtio: Use vringh_notify_enable correctly")
  0d2e1a2926b1 ("caif_virtio: Introduce caif over virtio")

Not-so-coincidentally, according to "the Internet" ST-Ericsson officially
shut down its modem joint venture in Aug 2013.

If anyone is using this code please yell!

In the 13 years since, the code has accumulated 200 non-merge commits,
of which 71 were cross-tree API changes, 21 carried Fixes: tags, and
the remaining ~110 were cleanups, doc conversions, treewide refactors,
and one partial removal (caif_hsi, ca75bcf0a83b).

We are still getting fixes to this code, in the last 10 days there were
3 reports on security@ about CAIF that I have been CCed on.

UAPI constants (AF_CAIF, ARPHRD_CAIF, N_CAIF, VIRTIO_ID_CAIF) and the
SELinux classmap entry are intentionally kept for ABI stability.

Acked-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Acked-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Reviewed-by: Linus Walleij &lt;linusw@kernel.org&gt;
Reviewed-by: Simon Horman &lt;horms@kernel.org&gt;
Link: https://patch.msgid.link/20260416182829.1440262-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>treewide: Replace kmalloc with kmalloc_obj for non-scalar types</title>
<updated>2026-02-21T09:02:28+00:00</updated>
<author>
<name>Kees Cook</name>
<email>kees@kernel.org</email>
</author>
<published>2026-02-21T07:49:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=69050f8d6d075dc01af7a5f2f550a8067510366f'/>
<id>urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f</id>
<content type='text'>
This is the result of running the Coccinelle script from
scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to
avoid scalar types (which need careful case-by-case checking), and
instead replace kmalloc-family calls that allocate struct or union
object instances:

Single allocations:	kmalloc(sizeof(TYPE), ...)
are replaced with:	kmalloc_obj(TYPE, ...)

Array allocations:	kmalloc_array(COUNT, sizeof(TYPE), ...)
are replaced with:	kmalloc_objs(TYPE, COUNT, ...)

Flex array allocations:	kmalloc(struct_size(PTR, FAM, COUNT), ...)
are replaced with:	kmalloc_flex(*PTR, FAM, COUNT, ...)

(where TYPE may also be *VAR)

The resulting allocations no longer return "void *", instead returning
"TYPE *".

Signed-off-by: Kees Cook &lt;kees@kernel.org&gt;
</content>
</entry>
<entry>
<title>caif: fix integer underflow in cffrml_receive()</title>
<updated>2025-12-11T09:35:41+00:00</updated>
<author>
<name>Junrui Luo</name>
<email>moonafterrain@outlook.com</email>
</author>
<published>2025-12-04T13:30:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=8a11ff0948b5ad09b71896b7ccc850625f9878d1'/>
<id>urn:sha1:8a11ff0948b5ad09b71896b7ccc850625f9878d1</id>
<content type='text'>
The cffrml_receive() function extracts a length field from the packet
header and, when FCS is disabled, subtracts 2 from this length without
validating that len &gt;= 2.

If an attacker sends a malicious packet with a length field of 0 or 1
to an interface with FCS disabled, the subtraction causes an integer
underflow.

This can lead to memory exhaustion and kernel instability, potential
information disclosure if padding contains uninitialized kernel memory.

Fix this by validating that len &gt;= 2 before performing the subtraction.

Reported-by: Yuhao Jiang &lt;danisjiang@gmail.com&gt;
Reported-by: Junrui Luo &lt;moonafterrain@outlook.com&gt;
Fixes: b482cd2053e3 ("net-caif: add CAIF core protocol stack")
Signed-off-by: Junrui Luo &lt;moonafterrain@outlook.com&gt;
Reviewed-by: Simon Horman &lt;horms@kernel.org&gt;
Link: https://patch.msgid.link/SYBPR01MB7881511122BAFEA8212A1608AFA6A@SYBPR01MB7881.ausprd01.prod.outlook.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194</title>
<updated>2019-05-30T18:29:22+00:00</updated>
<author>
<name>Thomas Gleixner</name>
<email>tglx@linutronix.de</email>
</author>
<published>2019-05-28T16:57:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=af873fcecef567abf8a3468b06dd4e4aab46da6d'/>
<id>urn:sha1:af873fcecef567abf8a3468b06dd4e4aab46da6d</id>
<content type='text'>
Based on 1 normalized pattern(s):

  license terms gnu general public license gpl version 2

extracted by the scancode license scanner the SPDX license identifier

  GPL-2.0-only

has been chosen to replace the boilerplate/reference in 161 file(s).

Signed-off-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Reviewed-by: Allison Randal &lt;allison@lohutok.net&gt;
Reviewed-by: Alexios Zavras &lt;alexios.zavras@intel.com&gt;
Reviewed-by: Steve Winslow &lt;swinslow@gmail.com&gt;
Reviewed-by: Richard Fontana &lt;rfontana@redhat.com&gt;
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190528170027.447718015@linutronix.de
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>caif: fix a signedness bug in cfpkt_iterate()</title>
<updated>2015-02-20T22:35:14+00:00</updated>
<author>
<name>Dan Carpenter</name>
<email>dan.carpenter@oracle.com</email>
</author>
<published>2015-02-19T09:13:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=278f7b4fffce9ad267406cf8800df271d14f4a16'/>
<id>urn:sha1:278f7b4fffce9ad267406cf8800df271d14f4a16</id>
<content type='text'>
The cfpkt_iterate() function can return -EPROTO on error, but the
function is a u16 so the negative value gets truncated to a positive
unsigned short.  This causes a static checker warning.

The only caller which might care is cffrml_receive(), when it's checking
the frame checksum.  I modified cffrml_receive() so that it never says
-EPROTO is a valid checksum.

Also this isn't ever going to be inlined so I removed the "inline".

Signed-off-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>caif: Remove my bouncing email address.</title>
<updated>2013-04-23T17:25:51+00:00</updated>
<author>
<name>sjur.brandeland@stericsson.com</name>
<email>sjur.brandeland@stericsson.com</email>
</author>
<published>2013-04-22T23:57:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=26ee65e680f4a2291f6258e11beceae0ad4eeba3'/>
<id>urn:sha1:26ee65e680f4a2291f6258e11beceae0ad4eeba3</id>
<content type='text'>
Remove my soon bouncing email address.
Also remove the "Contact:" line in file header.
The MAINTAINERS file is a better place to find the
contact person anyway.

Signed-off-by: Sjur Brændeland &lt;sjur.brandeland@stericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>CAIF: fix indentation for function arguments</title>
<updated>2013-03-07T21:24:45+00:00</updated>
<author>
<name>Silviu-Mihai Popescu</name>
<email>silviupopescu1990@gmail.com</email>
</author>
<published>2013-03-06T19:39:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=3bffc475f9995843fa23a4978a4c112d8c8f4a6e'/>
<id>urn:sha1:3bffc475f9995843fa23a4978a4c112d8c8f4a6e</id>
<content type='text'>
This lines up function arguments on second and subsequent lines at the
first column after the openning parenthesis of the first line.

Signed-off-by: Silviu-Mihai Popescu &lt;silviupopescu1990@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>percpu: Remove irqsafe_cpu_xxx variants</title>
<updated>2011-12-22T18:40:20+00:00</updated>
<author>
<name>Christoph Lameter</name>
<email>cl@linux.com</email>
</author>
<published>2011-12-22T17:58:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=933393f58fef9963eac61db8093689544e29a600'/>
<id>urn:sha1:933393f58fef9963eac61db8093689544e29a600</id>
<content type='text'>
We simply say that regular this_cpu use must be safe regardless of
preemption and interrupt state.  That has no material change for x86
and s390 implementations of this_cpu operations.  However, arches that
do not provide their own implementation for this_cpu operations will
now get code generated that disables interrupts instead of preemption.

-tj: This is part of on-going percpu API cleanup.  For detailed
     discussion of the subject, please refer to the following thread.

     http://thread.gmane.org/gmane.linux.kernel/1222078

Signed-off-by: Christoph Lameter &lt;cl@linux.com&gt;
Signed-off-by: Tejun Heo &lt;tj@kernel.org&gt;
LKML-Reference: &lt;alpine.DEB.2.00.1112221154380.11787@router.home&gt;
</content>
</entry>
<entry>
<title>caif: fix endian conversion in cffrml_transmit()</title>
<updated>2011-11-21T21:46:24+00:00</updated>
<author>
<name>Dan Carpenter</name>
<email>dan.carpenter@oracle.com</email>
</author>
<published>2011-11-21T21:46:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f23aa62545c18728eb2b9434aa258be27e07dd49'/>
<id>urn:sha1:f23aa62545c18728eb2b9434aa258be27e07dd49</id>
<content type='text'>
The "tmp" variable here is used to store the result of cpu_to_le16()
so it should be an __le16 instead of an int.  We want the high bits
set and the current code works on little endian systems but not on
big endian systems.

Signed-off-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Acked-by: Sjur Brændeland &lt;sjur.brandeland@stericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>caif: Remove OOM messages, use kzalloc</title>
<updated>2011-08-28T21:16:13+00:00</updated>
<author>
<name>Joe Perches</name>
<email>joe@perches.com</email>
</author>
<published>2011-08-25T13:22:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7ac2ed0ceeafa130f85aa947b271b571c68b9e75'/>
<id>urn:sha1:7ac2ed0ceeafa130f85aa947b271b571c68b9e75</id>
<content type='text'>
Remove per site OOM messages because they duplicate
the generic mm subsystem OOM message.

Use kzalloc instead of kmalloc/memset
when next to the OOM message removals.

Reduces object size (allyesconfig ~2%)

$ size -t drivers/net/caif/built-in.o.old net/caif/built-in.o.old
   text	   data	    bss	    dec	    hex	filename
  32297	    700	   8224	  41221	   a105	drivers/net/caif/built-in.o.old
  72159	   1317	  20552	  94028	  16f4c	net/caif/built-in.o.old
 104456	   2017	  28776	 135249	  21051	(TOTALS)
$ size -t drivers/net/caif/built-in.o.new net/caif/built-in.o.new
   text	   data	    bss	    dec	    hex	filename
  31975	    700	   8184	  40859	   9f9b	drivers/net/caif/built-in.o.new
  70748	   1317	  20152	  92217	  16839	net/caif/built-in.o.new
 102723	   2017	  28336	 133076	  207d4	(TOTALS)

Signed-off-by: Joe Perches &lt;joe@perches.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
</feed>
