netfilter: nft_limit: reject configurations that cause integer overflow
mainline inclusion
from mainline-v6.8-rc2
commit c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9DNPD
CVE: CVE-2024-26668

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa

--------------------------------

Reject bogus configs where internal token counter wraps around.

This only occurs with very very large requests, such as 17gbyte/s.

It's better to reject this rather than having incorrect ratelimit.

Fixes: d2168e84 ("netfilter: nft_limit: add per-byte limiting")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Conflicts:
	net/netfilter/nft_limit.c

Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
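As an added illustration, not code from this commit or from the kernel, the following models the kind of check the message describes: the token bucket size is derived from unit, rate and burst, and every intermediate multiplication and addition is overflow-checked so a configuration that would wrap the counter is rejected rather than installed with a wrong limit. The bucket formula and the use of compiler overflow builtins are assumptions made for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#define NSEC_PER_SEC 1000000000ULL

/* Simplified model (an assumption for this example, not the kernel's own
 * code) of how a byte-mode limit sizes its token bucket:
 *   tokens = unit_secs * NSEC_PER_SEC * (rate + burst) / rate
 * Each step uses the compiler overflow builtins (what the kernel's
 * check_*_overflow() helpers wrap), so a config whose counter would wrap
 * is rejected with -EOVERFLOW instead of installing a wrong rate limit. */
int limit_tokens(uint64_t unit_secs, uint64_t rate, uint32_t burst,
                 uint64_t *tokens)
{
    uint64_t nsecs, rate_with_burst, scaled;
    if (rate == 0)
        return -EINVAL;
    if (__builtin_mul_overflow(unit_secs, NSEC_PER_SEC, &nsecs))
        return -EOVERFLOW;
    if (__builtin_add_overflow(rate, (uint64_t)burst, &rate_with_burst))
        return -EOVERFLOW;
    if (__builtin_mul_overflow(nsecs, rate_with_burst, &scaled))
        return -EOVERFLOW;
    *tokens = scaled / rate;
    return 0;
}

/* Pre-fix behaviour: unsigned arithmetic wraps silently and the bucket
 * comes out far smaller than the administrator asked for. */
uint64_t limit_tokens_unchecked(uint64_t unit_secs, uint64_t rate,
                                uint32_t burst)
{
    uint64_t nsecs = unit_secs * NSEC_PER_SEC;
    return nsecs * (rate + burst) / rate;
}

int main(void)
{
    uint64_t tokens = 0;
    /* Constructed inputs: 1 MB/s over 1 s fits; 17 GB/s with a 4 GB burst
     * pushes nsecs * (rate + burst) past 2^64. */
    int rc = limit_tokens(1, 1000000, 0, &tokens);
    printf("sane:  rc=%d tokens=%llu\n", rc, (unsigned long long)tokens);
    rc = limit_tokens(1, 17000000000ULL, 4000000000U, &tokens);
    printf("bogus: rc=%d (-EOVERFLOW, rejected)\n", rc);
    printf("unchecked wrap: %llu tokens\n", (unsigned long long)
           limit_tokens_unchecked(1, 17000000000ULL, 4000000000U));
    return 0;
}
```

The unchecked variant shows why silent wrap-around matters: the resulting bucket is a small fraction of the requested one, so the limit enforced differs from the one configured.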