1 files changed, 18 insertions, 8 deletions

diff --git a/include/linux/security.h b/include/linux/security.h
index 9d37e2b9d3ec..5623a7f965b7 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1052,17 +1052,25 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @xfrm_policy_delete_security:
  *      @ctx contains the xfrm_sec_ctx.
  *      Authorize deletion of xp->security.
- * @xfrm_state_alloc_security:
+ * @xfrm_state_alloc:
  *      @x contains the xfrm_state being added to the Security Association
  *      Database by the XFRM system.
  *      @sec_ctx contains the security context information being provided by
  *      the user-level SA generation program (e.g., setkey or racoon).
- *      @secid contains the secid from which to take the mls portion of the context.
  *      Allocate a security structure to the x->security field; the security
  *      field is initialized to NULL when the xfrm_state is allocated. Set the
- *      context to correspond to either sec_ctx or polsec, with the mls portion
- *      taken from secid in the latter case.
- *      Return 0 if operation was successful (memory to allocate, legal context).
+ *      context to correspond to sec_ctx. Return 0 if operation was successful
+ *      (memory to allocate, legal context).
+ * @xfrm_state_alloc_acquire:
+ *      @x contains the xfrm_state being added to the Security Association
+ *      Database by the XFRM system.
+ *      @polsec contains the policy's security context.
+ *      @secid contains the secid from which to take the mls portion of the
+ *      context.
+ *      Allocate a security structure to the x->security field; the security
+ *      field is initialized to NULL when the xfrm_state is allocated. Set the
+ *      context to correspond to secid. Return 0 if operation was successful
+ *      (memory to allocate, legal context).
  * @xfrm_state_free_security:
  *      @x contains the xfrm_state.
  *      Deallocate x->security.
@@ -1679,9 +1687,11 @@ struct security_operations {
         int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx);
         void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx);
         int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx);
-        int (*xfrm_state_alloc_security) (struct xfrm_state *x,
-                struct xfrm_user_sec_ctx *sec_ctx,
-                u32 secid);
+        int (*xfrm_state_alloc) (struct xfrm_state *x,
+                                 struct xfrm_user_sec_ctx *sec_ctx);
+        int (*xfrm_state_alloc_acquire) (struct xfrm_state *x,
+                                         struct xfrm_sec_ctx *polsec,
+                                         u32 secid);
         void (*xfrm_state_free_security) (struct xfrm_state *x);
         int (*xfrm_state_delete_security) (struct xfrm_state *x);
         int (*xfrm_policy_lookup) (struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);