115 	const struct landlock_ruleset ruleset = {  in build_check_ruleset()  local
119 	typeof(ruleset.fs_access_masks[0]) fs_access_mask = ~0;  in build_check_ruleset()
121 	BUILD_BUG_ON(ruleset.num_rules < LANDLOCK_MAX_NUM_RULES);  in build_check_ruleset()
122 	BUILD_BUG_ON(ruleset.num_layers < LANDLOCK_MAX_NUM_LAYERS);  in build_check_ruleset()
144 static int insert_rule(struct landlock_ruleset *const ruleset,  in insert_rule()  argument
154 	lockdep_assert_held(&ruleset->lock);  in insert_rule()
157 	walker_node = &(ruleset->root.rb_node);  in insert_rule()
200 		rb_replace_node(&this->node, &new_rule->node, &ruleset->root);  in insert_rule()
207 	if (ruleset->num_rules >= LANDLOCK_MAX_NUM_RULES)  in insert_rule()
213 	rb_insert_color(&new_rule->node, &ruleset->root);  in insert_rule()
214 	ruleset->num_rules++;  in insert_rule()
230 int landlock_insert_rule(struct landlock_ruleset *const ruleset,  in landlock_insert_rule()  argument
240 	return insert_rule(ruleset, object, &layers, ARRAY_SIZE(layers));  in landlock_insert_rule()
356 static void free_ruleset(struct landlock_ruleset *const ruleset)  in free_ruleset()  argument
361 	rbtree_postorder_for_each_entry_safe(freeme, next, &ruleset->root,  in free_ruleset()
364 	put_hierarchy(ruleset->hierarchy);  in free_ruleset()
365 	kfree(ruleset);  in free_ruleset()
368 void landlock_put_ruleset(struct landlock_ruleset *const ruleset)  in landlock_put_ruleset()  argument
371 	if (ruleset && refcount_dec_and_test(&ruleset->usage))  in landlock_put_ruleset()
372 		free_ruleset(ruleset);  in landlock_put_ruleset()
377 	struct landlock_ruleset *ruleset;  in free_ruleset_work()  local
379 	ruleset = container_of(work, struct landlock_ruleset, work_free);  in free_ruleset_work()
380 	free_ruleset(ruleset);  in free_ruleset_work()
383 void landlock_put_ruleset_deferred(struct landlock_ruleset *const ruleset)  in landlock_put_ruleset_deferred()  argument
385 	if (ruleset && refcount_dec_and_test(&ruleset->usage)) {  in landlock_put_ruleset_deferred()
386 		INIT_WORK(&ruleset->work_free, free_ruleset_work);  in landlock_put_ruleset_deferred()
387 		schedule_work(&ruleset->work_free);  in landlock_put_ruleset_deferred()
402 		struct landlock_ruleset *const ruleset)  in landlock_merge_ruleset()  argument
409 	if (WARN_ON_ONCE(!ruleset || parent == ruleset))  in landlock_merge_ruleset()
438 	err = merge_ruleset(new_dom, ruleset);  in landlock_merge_ruleset()
453 		const struct landlock_ruleset *const ruleset,  in landlock_find_rule()  argument
460 	node = ruleset->root.rb_node;  in landlock_find_rule()