282 	struct xfrm_policy *policy;  in xfrm_policy_alloc()  local
284 	policy = kzalloc(sizeof(struct xfrm_policy), gfp);  in xfrm_policy_alloc()
286 	if (policy) {  in xfrm_policy_alloc()
287 		write_pnet(&policy->xp_net, net);  in xfrm_policy_alloc()
288 		INIT_LIST_HEAD(&policy->walk.all);  in xfrm_policy_alloc()
289 		INIT_HLIST_NODE(&policy->bydst);  in xfrm_policy_alloc()
290 		INIT_HLIST_NODE(&policy->byidx);  in xfrm_policy_alloc()
291 		rwlock_init(&policy->lock);  in xfrm_policy_alloc()
292 		atomic_set(&policy->refcnt, 1);  in xfrm_policy_alloc()
293 		skb_queue_head_init(&policy->polq.hold_queue);  in xfrm_policy_alloc()
294 		setup_timer(&policy->timer, xfrm_policy_timer,  in xfrm_policy_alloc()
295 				(unsigned long)policy);  in xfrm_policy_alloc()
296 		setup_timer(&policy->polq.hold_timer, xfrm_policy_queue_process,  in xfrm_policy_alloc()
297 			    (unsigned long)policy);  in xfrm_policy_alloc()
298 		policy->flo.ops = &xfrm_policy_fc_ops;  in xfrm_policy_alloc()
300 	return policy;  in xfrm_policy_alloc()
306 void xfrm_policy_destroy(struct xfrm_policy *policy)  in xfrm_policy_destroy()  argument
308 	BUG_ON(!policy->walk.dead);  in xfrm_policy_destroy()
310 	if (del_timer(&policy->timer) || del_timer(&policy->polq.hold_timer))  in xfrm_policy_destroy()
313 	security_xfrm_policy_free(policy->security);  in xfrm_policy_destroy()
314 	kfree(policy);  in xfrm_policy_destroy()
330 static void xfrm_policy_kill(struct xfrm_policy *policy)  in xfrm_policy_kill()  argument
332 	policy->walk.dead = 1;  in xfrm_policy_kill()
334 	atomic_inc(&policy->genid);  in xfrm_policy_kill()
336 	if (del_timer(&policy->polq.hold_timer))  in xfrm_policy_kill()
337 		xfrm_pol_put(policy);  in xfrm_policy_kill()
338 	xfrm_queue_purge(&policy->polq.hold_queue);  in xfrm_policy_kill()
340 	if (del_timer(&policy->timer))  in xfrm_policy_kill()
341 		xfrm_pol_put(policy);  in xfrm_policy_kill()
343 	xfrm_pol_put(policy);  in xfrm_policy_kill()
581 	struct xfrm_policy *policy;  in xfrm_hash_rebuild()  local
627 	list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) {  in xfrm_hash_rebuild()
629 		chain = policy_hash_bysel(net, &policy->selector,  in xfrm_hash_rebuild()
630 					  policy->family,  in xfrm_hash_rebuild()
631 					  xfrm_policy_id2dir(policy->index));  in xfrm_hash_rebuild()
633 			if (policy->priority >= pol->priority)  in xfrm_hash_rebuild()
639 			hlist_add_behind(&policy->bydst, newpos);  in xfrm_hash_rebuild()
641 			hlist_add_head(&policy->bydst, chain);  in xfrm_hash_rebuild()
732 static bool xfrm_policy_mark_match(struct xfrm_policy *policy,  in xfrm_policy_mark_match()  argument
735 	u32 mark = policy->mark.v & policy->mark.m;  in xfrm_policy_mark_match()
737 	if (policy->mark.v == pol->mark.v && policy->mark.m == pol->mark.m)  in xfrm_policy_mark_match()
741 	    policy->priority == pol->priority)  in xfrm_policy_mark_match()
747 int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)  in xfrm_policy_insert()  argument
749 	struct net *net = xp_net(policy);  in xfrm_policy_insert()
756 	chain = policy_hash_bysel(net, &policy->selector, policy->family, dir);  in xfrm_policy_insert()
760 		if (pol->type == policy->type &&  in xfrm_policy_insert()
761 		    !selector_cmp(&pol->selector, &policy->selector) &&  in xfrm_policy_insert()
762 		    xfrm_policy_mark_match(policy, pol) &&  in xfrm_policy_insert()
763 		    xfrm_sec_ctx_match(pol->security, policy->security) &&  in xfrm_policy_insert()
770 			if (policy->priority > pol->priority)  in xfrm_policy_insert()
772 		} else if (policy->priority >= pol->priority) {  in xfrm_policy_insert()
780 		hlist_add_behind(&policy->bydst, newpos);  in xfrm_policy_insert()
782 		hlist_add_head(&policy->bydst, chain);  in xfrm_policy_insert()
783 	__xfrm_policy_link(policy, dir);  in xfrm_policy_insert()
787 	if (policy->family == AF_INET)  in xfrm_policy_insert()
793 		xfrm_policy_requeue(delpol, policy);  in xfrm_policy_insert()
796 	policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir, policy->index);  in xfrm_policy_insert()
797 	hlist_add_head(&policy->byidx, net->xfrm.policy_byidx+idx_hash(net, policy->index));  in xfrm_policy_insert()
798 	policy->curlft.add_time = get_seconds();  in xfrm_policy_insert()
799 	policy->curlft.use_time = 0;  in xfrm_policy_insert()
800 	if (!mod_timer(&policy->timer, jiffies + HZ))  in xfrm_policy_insert()
801 		xfrm_pol_hold(policy);  in xfrm_policy_insert()
1395 xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl,  in xfrm_tmpl_resolve_one()  argument
1398 	struct net *net = xp_net(policy);  in xfrm_tmpl_resolve_one()
1405 	for (nx = 0, i = 0; i < policy->xfrm_nr; i++) {  in xfrm_tmpl_resolve_one()
1409 		struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i];  in xfrm_tmpl_resolve_one()
1423 		x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);  in xfrm_tmpl_resolve_one()
1634 static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,  in xfrm_bundle_create()  argument
1639 	struct net *net = xp_net(policy);  in xfrm_bundle_create()
1651 	int family = policy->selector.family;  in xfrm_bundle_create()