Re: [PATCH] udp: fix integer overflow while computing available space in sk_rcvbuf
From: kaz1020
Date: Mon Nov 08 2021 - 10:45:22 EST
Antonio Messina at Google,
Linux Kernel maintainers,
I read the following fraud Google Blog.
https://cloud.google.com/blog/topics/inside-google-cloud/google-cloud-support-engineer-solves-a-tough-dns-case
I require Antonio Messina to fulfill his obligations.
Antonio Messina accepted the following requests on June 27, 2020.
I requested Antonio Messina to correct his mistakes.
- Rewrite the article on fraud Google Blog
- Send the new patch I proposed
In the past, I explained the following result to Antonio Messina and Google.
Abstract:
The "size" variable of the following line will be removed.
Line: https://github.com/torvalds/linux/blob/v5.4/net/ipv4/udp.c#L1478
Because comparing "to be allocated buffer size" and "Max buffer size" + "size."
Antonio Messina's mistake: if (rmem > (unsigned int)(size + sk->sk_rcvbuf))
The fix I propose: if (rmem > sk->sk_rcvbuf)
Details:
In the function __udp_enqueue_schedule_skb.
- rmem: Same as sk->sk_rmem_alloc.
-- It means allocated or to be allocated buffer size.
- sk->sk_rcvbuf: Max buffer size (purpose to limit the buffer size).
- size: Same as skb->truesize.
-- It means a packet size.
The original problem is committed by:
https://github.com/torvalds/linux/commit/363dc73acacbbcdae98acf5612303e9770e04b1d
In addition, the condition sentence has been corrupted before this commit.
Antonio Messina sent a poor patch:
https://lkml.org/lkml/2019/12/19/482
--
Fix it,
kaz1020
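
The two conditions quoted in the message above, evaluated on constructed values; this is an added example, not part of the original message and not kernel code. It assumes rmem, size and sk_rcvbuf are 32-bit signed integers, and the uncast form `rmem > size + sk->sk_rcvbuf` is included as an assumption drawn from the subject line to show the overflow case.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Uncast form (assumption, inferred from the subject line): the signed sum
 * is modelled with two's-complement wraparound at 32 bits. */
static int drop_signed_sum(int32_t rmem, int32_t size, int32_t rcvbuf)
{
    int64_t limit = (int64_t)size + rcvbuf;
    if (limit > INT32_MAX)
        limit -= 4294967296LL;          /* wrap like a 32-bit signed add */
    return rmem > limit;
}

/* Condition quoted as the patch: rmem > (unsigned int)(size + sk->sk_rcvbuf).
 * The unsigned sum has the same bits as the wrapped signed sum after the cast. */
static int drop_cast_sum(int32_t rmem, int32_t size, int32_t rcvbuf)
{
    uint32_t limit = (uint32_t)size + (uint32_t)rcvbuf;
    return (uint32_t)rmem > limit;      /* rmem is converted to unsigned too */
}

/* Condition the message proposes: rmem > sk->sk_rcvbuf. */
static int drop_no_size(int32_t rmem, int32_t rcvbuf)
{
    return rmem > rcvbuf;
}

int main(void)
{
    /* Constructed values: { rmem after charging the packet, size, rcvbuf } */
    int32_t cases[][3] = {
        { 1000, 768, INT32_MAX },       /* limit near 2^31: signed sum wraps */
        { 4500, 768, 4096 },            /* over rcvbuf by less than one packet */
        { 6000, 768, 4096 },            /* over rcvbuf by more than one packet */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int32_t rmem = cases[i][0], size = cases[i][1], rcvbuf = cases[i][2];
        printf("rmem=%d size=%d rcvbuf=%d  signed=%d cast=%d no_size=%d\n",
               rmem, size, rcvbuf,
               drop_signed_sum(rmem, size, rcvbuf),
               drop_cast_sum(rmem, size, rcvbuf),
               drop_no_size(rmem, rcvbuf));
    }
    return 0;
}
```

A result of 1 means the packet would be dropped. The second row is where the two quoted conditions differ: the form with size tolerates an overshoot of up to one packet's truesize, the form without it does not.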