284 	struct xfrm_policy *policy;  in xfrm_policy_alloc()  local
286 	policy = kzalloc(sizeof(struct xfrm_policy), gfp);  in xfrm_policy_alloc()
288 	if (policy) {  in xfrm_policy_alloc()
289 		write_pnet(&policy->xp_net, net);  in xfrm_policy_alloc()
290 		INIT_LIST_HEAD(&policy->walk.all);  in xfrm_policy_alloc()
291 		INIT_HLIST_NODE(&policy->bydst);  in xfrm_policy_alloc()
292 		INIT_HLIST_NODE(&policy->byidx);  in xfrm_policy_alloc()
293 		rwlock_init(&policy->lock);  in xfrm_policy_alloc()
294 		atomic_set(&policy->refcnt, 1);  in xfrm_policy_alloc()
295 		skb_queue_head_init(&policy->polq.hold_queue);  in xfrm_policy_alloc()
296 		setup_timer(&policy->timer, xfrm_policy_timer,  in xfrm_policy_alloc()
297 				(unsigned long)policy);  in xfrm_policy_alloc()
298 		setup_timer(&policy->polq.hold_timer, xfrm_policy_queue_process,  in xfrm_policy_alloc()
299 			    (unsigned long)policy);  in xfrm_policy_alloc()
300 		policy->flo.ops = &xfrm_policy_fc_ops;  in xfrm_policy_alloc()
302 	return policy;  in xfrm_policy_alloc()
308 	struct xfrm_policy *policy = container_of(head, struct xfrm_policy, rcu);  in xfrm_policy_destroy_rcu()  local
310 	security_xfrm_policy_free(policy->security);  in xfrm_policy_destroy_rcu()
311 	kfree(policy);  in xfrm_policy_destroy_rcu()
316 void xfrm_policy_destroy(struct xfrm_policy *policy)  in xfrm_policy_destroy()  argument
318 	BUG_ON(!policy->walk.dead);  in xfrm_policy_destroy()
320 	if (del_timer(&policy->timer) || del_timer(&policy->polq.hold_timer))  in xfrm_policy_destroy()
323 	call_rcu(&policy->rcu, xfrm_policy_destroy_rcu);  in xfrm_policy_destroy()
331 static void xfrm_policy_kill(struct xfrm_policy *policy)  in xfrm_policy_kill()  argument
333 	policy->walk.dead = 1;  in xfrm_policy_kill()
335 	atomic_inc(&policy->genid);  in xfrm_policy_kill()
337 	if (del_timer(&policy->polq.hold_timer))  in xfrm_policy_kill()
338 		xfrm_pol_put(policy);  in xfrm_policy_kill()
339 	skb_queue_purge(&policy->polq.hold_queue);  in xfrm_policy_kill()
341 	if (del_timer(&policy->timer))  in xfrm_policy_kill()
342 		xfrm_pol_put(policy);  in xfrm_policy_kill()
344 	xfrm_pol_put(policy);  in xfrm_policy_kill()
582 	struct xfrm_policy *policy;  in xfrm_hash_rebuild()  local
628 	list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) {  in xfrm_hash_rebuild()
630 		chain = policy_hash_bysel(net, &policy->selector,  in xfrm_hash_rebuild()
631 					  policy->family,  in xfrm_hash_rebuild()
632 					  xfrm_policy_id2dir(policy->index));  in xfrm_hash_rebuild()
634 			if (policy->priority >= pol->priority)  in xfrm_hash_rebuild()
640 			hlist_add_behind(&policy->bydst, newpos);  in xfrm_hash_rebuild()
642 			hlist_add_head(&policy->bydst, chain);  in xfrm_hash_rebuild()
733 static bool xfrm_policy_mark_match(struct xfrm_policy *policy,  in xfrm_policy_mark_match()  argument
736 	u32 mark = policy->mark.v & policy->mark.m;  in xfrm_policy_mark_match()
738 	if (policy->mark.v == pol->mark.v && policy->mark.m == pol->mark.m)  in xfrm_policy_mark_match()
742 	    policy->priority == pol->priority)  in xfrm_policy_mark_match()
748 int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)  in xfrm_policy_insert()  argument
750 	struct net *net = xp_net(policy);  in xfrm_policy_insert()
757 	chain = policy_hash_bysel(net, &policy->selector, policy->family, dir);  in xfrm_policy_insert()
761 		if (pol->type == policy->type &&  in xfrm_policy_insert()
762 		    !selector_cmp(&pol->selector, &policy->selector) &&  in xfrm_policy_insert()
763 		    xfrm_policy_mark_match(policy, pol) &&  in xfrm_policy_insert()
764 		    xfrm_sec_ctx_match(pol->security, policy->security) &&  in xfrm_policy_insert()
771 			if (policy->priority > pol->priority)  in xfrm_policy_insert()
773 		} else if (policy->priority >= pol->priority) {  in xfrm_policy_insert()
781 		hlist_add_behind(&policy->bydst, newpos);  in xfrm_policy_insert()
783 		hlist_add_head(&policy->bydst, chain);  in xfrm_policy_insert()
784 	__xfrm_policy_link(policy, dir);  in xfrm_policy_insert()
788 	if (policy->family == AF_INET)  in xfrm_policy_insert()
794 		xfrm_policy_requeue(delpol, policy);  in xfrm_policy_insert()
797 	policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir, policy->index);  in xfrm_policy_insert()
798 	hlist_add_head(&policy->byidx, net->xfrm.policy_byidx+idx_hash(net, policy->index));  in xfrm_policy_insert()
799 	policy->curlft.add_time = get_seconds();  in xfrm_policy_insert()
800 	policy->curlft.use_time = 0;  in xfrm_policy_insert()
801 	if (!mod_timer(&policy->timer, jiffies + HZ))  in xfrm_policy_insert()
802 		xfrm_pol_hold(policy);  in xfrm_policy_insert()
1414 xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl,  in xfrm_tmpl_resolve_one()  argument
1417 	struct net *net = xp_net(policy);  in xfrm_tmpl_resolve_one()
1424 	for (nx = 0, i = 0; i < policy->xfrm_nr; i++) {  in xfrm_tmpl_resolve_one()
1428 		struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i];  in xfrm_tmpl_resolve_one()
1444 		x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);  in xfrm_tmpl_resolve_one()
1653 static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,  in xfrm_bundle_create()  argument
1658 	struct net *net = xp_net(policy);  in xfrm_bundle_create()
1670 	int family = policy->selector.family;  in xfrm_bundle_create()