1 files changed, 10 insertions, 9 deletions

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index b446ca31fecc..1cf3209cdf4b 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -908,6 +908,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
         xfrm_address_t *daddr, *saddr;
         struct hlist_node *entry;
         struct hlist_head *chain;
+        u32 priority = ~0U;
 
         daddr = xfrm_flowi_daddr(fl, family);
         saddr = xfrm_flowi_saddr(fl, family);
@@ -919,21 +920,21 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
         ret = NULL;
         hlist_for_each_entry(pol, entry, chain, bydst) {
                 if (xfrm_policy_match(pol, fl, type, family, dir)) {
-                        xfrm_pol_hold(pol);
                         ret = pol;
+                        priority = ret->priority;
                         break;
                 }
         }
-        if (!ret) {
-                chain = &xfrm_policy_inexact[dir];
-                hlist_for_each_entry(pol, entry, chain, bydst) {
-                        if (xfrm_policy_match(pol, fl, type, family, dir)) {
-                                xfrm_pol_hold(pol);
-                                ret = pol;
-                                break;
-                        }
+        chain = &xfrm_policy_inexact[dir];
+        hlist_for_each_entry(pol, entry, chain, bydst) {
+                if (xfrm_policy_match(pol, fl, type, family, dir) &&
+                    pol->priority < priority) {
+                        ret = pol;
+                        break;
                 }
         }
+        if (ret)
+                xfrm_pol_hold(ret);
         read_unlock_bh(&xfrm_policy_lock);
 
         return ret;