UPSTREAM: xtables: add xt_match, xt_target and data copy_to_user functions

xt_entry_target, xt_entry_match and their private data may contain
kernel data.

Introduce helper functions xt_match_to_user, xt_target_to_user and
xt_data_to_user that copy only the expected fields. These replace
existing logic that calls copy_to_user on entire structs, then
overwrites select fields.

Private data is defined in xt_match and xt_target. All matches and
targets that maintain kernel data store this at the tail of their
private structure. Extend xt_match and xt_target with .usersize to
limit how many bytes of data are copied. The remainder is cleared.

If compatsize is specified, usersize can only safely be used if all
fields up to usersize use platform-independent types. Otherwise, the
compat_to_user callback must be defined.

This patch does not yet enable the support logic.

Bug: 120612905
Issue: FP3SEC-162
Change-Id: I71ca0160d0ad7b8ee97b412c1e278b75b297bd54
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Hridya Valsaraju <hridya@google.com>
(cherry picked from commit f32815d21d4d8287336fb9cef4d2d9e0866214c2)
(cherry picked from commit a1a9b369)
(cherry picked from commit 8fd94bd1023f61208c74eae6db2f97839c06c188)