UPSTREAM: xtables: add xt_match, xt_target and data copy_to_user functions

xt_entry_target, xt_entry_match and their private data may contain
kernel data.

Introduce helper functions xt_match_to_user, xt_target_to_user and
xt_data_to_user that copy only the expected fields. These replace
existing logic that calls copy_to_user on entire structs, then
overwrites select fields.

Private data is defined in xt_match and xt_target. All matches and
targets that maintain kernel data store this at the tail of their
private structure. Extend xt_match and xt_target with .usersize to
limit how many bytes of data are copied. The remainder is cleared.

If compatsize is specified, usersize can only safely be used if all
fields up to usersize use platform-independent types. Otherwise, the
compat_to_user callback must be defined.

This patch does not yet enable the support logic.

Signed-off-by: Willem de Bruijn <>
Signed-off-by: Pablo Neira Ayuso <>

Bug: 120612905
Change-Id: I71ca0160d0ad7b8ee97b412c1e278b75b297bd54
(cherry picked from commit f32815d21d4d8287336fb9cef4d2d9e0866214c2)
Signed-off-by: Hridya Valsaraju <>
2 files changed