[PATCH 1/2] acl: handle idmapped mounts for idmapped filesystems

[PATCH 1/2] acl: handle idmapped mounts for idmapped filesystems

[Christian Brauner]

Ensure that POSIX ACLs checking, getting, and setting works correctly
for filesystems mountable with a filesystem idmapping ("fs_idmapping")
that want to support idmapped mounts ("mnt_idmapping").

Note that no filesystems mountable with an fs_idmapping do yet support
idmapped mounts. This is required infrastructure work to unblock this.

As we explained in detail in [1] the fs_idmapping is irrelevant for
getxattr() and setxattr() when mapping the ACL_{GROUP,USER} {g,u}ids
stored in the uapi struct posix_acl_xattr_entry in
posix_acl_fix_xattr_{from,to}_user().

But for acl_permission_check() and posix_acl_{g,s}etxattr_idmapped_mnt()
the fs_idmapping matters.

acl_permission_check():
  During lookup POSIX ACLs are retrieved directly via i_op->get_acl() and
  are returned via the kernel internal struct posix_acl which contains
  e_{g,u}id members of type k{g,u}id_t that already take the
  fs_idmapping into acccount.

  For example, a POSIX ACL stored with u4 on the backing store is mapped
  to k10000004 in the fs_idmapping. The mnt_idmapping remaps the POSIX ACL
  to k20000004. In order to do that the fs_idmapping needs to be taken
  into account but that doesn't happen yet (Again, this is a
  counterfactual currently as fuse doesn't support idmapped mounts
  currently. It's just used as a convenient example.):

  fs_idmapping:  u0:k10000000:r65536
  mnt_idmapping: u0:v20000000:r65536
  ACL_USER:      k10000004

  acl_permission_check()
  -> check_acl()
     -> get_acl()
        -> i_op->get_acl() == fuse_get_acl()
           -> posix_acl_from_xattr(u0:k10000000:r65536 /* fs_idmapping */, ...)
              {
                      k10000004 = make_kuid(u0:k10000000:r65536 /* fs_idmapping */,
                                            u4 /* ACL_USER */);
              }
     -> posix_acl_permission()
        {
                -1 = make_vfsuid(u0:v20000000:r65536 /* mnt_idmapping */,
                                 &init_user_ns,
                                 k10000004);
                vfsuid_eq_kuid(-1, k10000004 /* caller_fsuid */)
        }

  In order to correctly map from the fs_idmapping into mnt_idmapping we
  require the relevant fs_idmaping to be passed:

  acl_permission_check()
  -> check_acl()
     -> get_acl()
        -> i_op->get_acl() == fuse_get_acl()
           -> posix_acl_from_xattr(u0:k10000000:r65536 /* fs_idmapping */, ...)
              {
                      k10000004 = make_kuid(u0:k10000000:r65536 /* fs_idmapping */,
                                            u4 /* ACL_USER */);
              }
     -> posix_acl_permission()
        {
                v20000004 = make_vfsuid(u0:v20000000:r65536 /* mnt_idmapping */,
                                        u0:k10000000:r65536 /* fs_idmapping */,
                                        k10000004);
                vfsuid_eq_kuid(v20000004, k10000004 /* caller_fsuid */)
        }

  The initial_idmapping is only correct for the current situation because
  all filesystems that currently support idmapped mounts do not support
  being mounted with an fs_idmapping.

  Note that ovl_get_acl() is used to retrieve the POSIX ACLs from the
  relevant lower layer and the lower layer's mnt_idmapping needs to be
  taken into account and so does the fs_idmapping. See 0c5fd887d2bb ("acl:
  move idmapped mount fixup into vfs_{g,s}etxattr()") for more details.

For posix_acl_{g,s}etxattr_idmapped_mnt() it is not as obvious why the
fs_idmapping matters as it is for acl_permission_check(). Especially
because it doesn't matter for posix_acl_fix_xattr_{from,to}_user() (See
[1] for more context.).

Because posix_acl_{g,s}etxattr_idmapped_mnt() operate on the uapi
struct posix_acl_xattr_entry which contains {g,u}id_t values and thus
give the impression that the fs_idmapping is irrelevant as at this point
appropriate {g,u}id_t values have seemlingly been generated.

As we've stated multiple times this assumption is wrong and in fact the
uapi struct posix_acl_xattr_entry is taking idmappings into account
depending at what place it is operated on.

posix_acl_getxattr_idmapped_mnt()
  When posix_acl_getxattr_idmapped_mnt() is called the values stored in
  the uapi struct posix_acl_xattr_entry are mapped according to the
  fs_idmapping. This happened when they were read from the backing store
  and then translated from struct posix_acl into the uapi
  struct posix_acl_xattr_entry during posix_acl_to_xattr().

  In other words, the fs_idmapping matters as the values stored as
  {g,u}id_t in the uapi struct posix_acl_xattr_entry have been generated
  by it.

  So we need to take the fs_idmapping into account during make_vfsuid()
  in posix_acl_getxattr_idmapped_mnt().

posix_acl_setxattr_idmapped_mnt()
  When posix_acl_setxattr_idmapped_mnt() is called the values stored as
  {g,u}id_t in uapi struct posix_acl_xattr_entry are intended to be the
  values that ultimately get turned back into a k{g,u}id_t in
  posix_acl_from_xattr() (which turns the uapi
  struct posix_acl_xattr_entry into the kernel internal struct posix_acl).

  In other words, the fs_idmapping matters as the values stored as
  {g,u}id_t in the uapi struct posix_acl_xattr_entry are intended to be
  the values that will be undone in the fs_idmapping when writing to the
  backing store.

  So we need to take the fs_idmapping into account during from_vfsuid()
  in posix_acl_setxattr_idmapped_mnt().

Link: https://lore.kernel.org/all/20220801145520.1532837-1-brauner@kernel.org [1]
Fixes: 0c5fd887d2bb ("acl: move idmapped mount fixup into vfs_{g,s}etxattr()")
Cc: Seth Forshee <sforshee@digitalocean.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
---
 fs/overlayfs/inode.c | 11 +++++++----
 fs/posix_acl.c       | 15 +++++++++------
 2 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index b45fea69fff3..0fbcb590af84 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -460,9 +460,12 @@ ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
  * of the POSIX ACLs retrieved from the lower layer to this function to not
  * alter the POSIX ACLs for the underlying filesystem.
  */
-static void ovl_idmap_posix_acl(struct user_namespace *mnt_userns,
+static void ovl_idmap_posix_acl(struct inode *realinode,
+				struct user_namespace *mnt_userns,
 				struct posix_acl *acl)
 {
+	struct user_namespace *fs_userns = i_user_ns(realinode);
+
 	for (unsigned int i = 0; i < acl->a_count; i++) {
 		vfsuid_t vfsuid;
 		vfsgid_t vfsgid;
@@ -470,11 +473,11 @@ static void ovl_idmap_posix_acl(struct user_namespace *mnt_userns,
 		struct posix_acl_entry *e = &acl->a_entries[i];
 		switch (e->e_tag) {
 		case ACL_USER:
-			vfsuid = make_vfsuid(mnt_userns, &init_user_ns, e->e_uid);
+			vfsuid = make_vfsuid(mnt_userns, fs_userns, e->e_uid);
 			e->e_uid = vfsuid_into_kuid(vfsuid);
 			break;
 		case ACL_GROUP:
-			vfsgid = make_vfsgid(mnt_userns, &init_user_ns, e->e_gid);
+			vfsgid = make_vfsgid(mnt_userns, fs_userns, e->e_gid);
 			e->e_gid = vfsgid_into_kgid(vfsgid);
 			break;
 		}
@@ -536,7 +539,7 @@ struct posix_acl *ovl_get_acl(struct inode *inode, int type, bool rcu)
 	if (!clone)
 		clone = ERR_PTR(-ENOMEM);
 	else
-		ovl_idmap_posix_acl(mnt_user_ns(realpath.mnt), clone);
+		ovl_idmap_posix_acl(realinode, mnt_user_ns(realpath.mnt), clone);
 	/*
 	 * Since we're not in RCU path walk we always need to release the
 	 * original ACLs.
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index 1d17d7b13dcd..5af33800743e 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -361,6 +361,7 @@ posix_acl_permission(struct user_namespace *mnt_userns, struct inode *inode,
 		     const struct posix_acl *acl, int want)
 {
 	const struct posix_acl_entry *pa, *pe, *mask_obj;
+	struct user_namespace *fs_userns = i_user_ns(inode);
 	int found = 0;
 	vfsuid_t vfsuid;
 	vfsgid_t vfsgid;
@@ -376,7 +377,7 @@ posix_acl_permission(struct user_namespace *mnt_userns, struct inode *inode,
                                         goto check_perm;
                                 break;
                         case ACL_USER:
-				vfsuid = make_vfsuid(mnt_userns, &init_user_ns,
+				vfsuid = make_vfsuid(mnt_userns, fs_userns,
 						     pa->e_uid);
 				if (vfsuid_eq_kuid(vfsuid, current_fsuid()))
                                         goto mask;
@@ -390,7 +391,7 @@ posix_acl_permission(struct user_namespace *mnt_userns, struct inode *inode,
                                 }
 				break;
                         case ACL_GROUP:
-				vfsgid = make_vfsgid(mnt_userns, &init_user_ns,
+				vfsgid = make_vfsgid(mnt_userns, fs_userns,
 						     pa->e_gid);
 				if (vfsgid_in_group_p(vfsgid)) {
 					found = 1;
@@ -736,6 +737,7 @@ void posix_acl_getxattr_idmapped_mnt(struct user_namespace *mnt_userns,
 {
 	struct posix_acl_xattr_header *header = value;
 	struct posix_acl_xattr_entry *entry = (void *)(header + 1), *end;
+	struct user_namespace *fs_userns = i_user_ns(inode);
 	int count;
 	vfsuid_t vfsuid;
 	vfsgid_t vfsgid;
@@ -753,13 +755,13 @@ void posix_acl_getxattr_idmapped_mnt(struct user_namespace *mnt_userns,
 		switch (le16_to_cpu(entry->e_tag)) {
 		case ACL_USER:
 			uid = make_kuid(&init_user_ns, le32_to_cpu(entry->e_id));
-			vfsuid = make_vfsuid(mnt_userns, &init_user_ns, uid);
+			vfsuid = make_vfsuid(mnt_userns, fs_userns, uid);
 			entry->e_id = cpu_to_le32(from_kuid(&init_user_ns,
 						vfsuid_into_kuid(vfsuid)));
 			break;
 		case ACL_GROUP:
 			gid = make_kgid(&init_user_ns, le32_to_cpu(entry->e_id));
-			vfsgid = make_vfsgid(mnt_userns, &init_user_ns, gid);
+			vfsgid = make_vfsgid(mnt_userns, fs_userns, gid);
 			entry->e_id = cpu_to_le32(from_kgid(&init_user_ns,
 						vfsgid_into_kgid(vfsgid)));
 			break;
@@ -775,6 +777,7 @@ void posix_acl_setxattr_idmapped_mnt(struct user_namespace *mnt_userns,
 {
 	struct posix_acl_xattr_header *header = value;
 	struct posix_acl_xattr_entry *entry = (void *)(header + 1), *end;
+	struct user_namespace *fs_userns = i_user_ns(inode);
 	int count;
 	vfsuid_t vfsuid;
 	vfsgid_t vfsgid;
@@ -793,13 +796,13 @@ void posix_acl_setxattr_idmapped_mnt(struct user_namespace *mnt_userns,
 		case ACL_USER:
 			uid = make_kuid(&init_user_ns, le32_to_cpu(entry->e_id));
 			vfsuid = VFSUIDT_INIT(uid);
-			uid = from_vfsuid(mnt_userns, &init_user_ns, vfsuid);
+			uid = from_vfsuid(mnt_userns, fs_userns, vfsuid);
 			entry->e_id = cpu_to_le32(from_kuid(&init_user_ns, uid));
 			break;
 		case ACL_GROUP:
 			gid = make_kgid(&init_user_ns, le32_to_cpu(entry->e_id));
 			vfsgid = VFSGIDT_INIT(gid);
-			gid = from_vfsgid(mnt_userns, &init_user_ns, vfsgid);
+			gid = from_vfsgid(mnt_userns, fs_userns, vfsgid);
 			entry->e_id = cpu_to_le32(from_kgid(&init_user_ns, gid));
 			break;
 		default:

base-commit: 568035b01cfb107af8d2e4bd2fb9aea22cf5b868
-- 
2.34.1

[PATCH 2/2] MAINTAINERS: update idmapping tree

[Christian Brauner]

Since Seth joined as a maintainer in ba40a57ff08b ("Add Seth Forshee as
co-maintainer for idmapped mounts") it was best to get a shared git tree
instead of using our personal repositories. So we requested and
Konstantin suggested and gave us a new "idmapping" repository under the
pre-existing but mainly unused vfs namespace. Just makes it easier for
Seth to send fixes in case I'm out or someone else ever takes over.

Cc: Seth Forshee <sforshee@digitalocean.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
---
 MAINTAINERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 8a5012ba6ff9..a558794dddf9 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9780,7 +9780,7 @@ M:	Christian Brauner <brauner@kernel.org>
 M:	Seth Forshee <sforshee@kernel.org>
 L:	linux-fsdevel@vger.kernel.org
 S:	Maintained
-T:	git git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git
+T:	git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git
 F:	Documentation/filesystems/idmappings.rst
 F:	tools/testing/selftests/mount_setattr/
 F:	include/linux/mnt_idmapping.h
-- 
2.34.1

Re: [PATCH 1/2] acl: handle idmapped mounts for idmapped filesystems

[Seth Forshee]

On Tue, Aug 16, 2022 at 01:35:13PM +0200, Christian Brauner wrote:
> Ensure that POSIX ACLs checking, getting, and setting works correctly
> for filesystems mountable with a filesystem idmapping ("fs_idmapping")
> that want to support idmapped mounts ("mnt_idmapping").
> 
> Note that no filesystems mountable with an fs_idmapping do yet support
> idmapped mounts. This is required infrastructure work to unblock this.
> 
> As we explained in detail in [1] the fs_idmapping is irrelevant for
> getxattr() and setxattr() when mapping the ACL_{GROUP,USER} {g,u}ids
> stored in the uapi struct posix_acl_xattr_entry in
> posix_acl_fix_xattr_{from,to}_user().
> 
> But for acl_permission_check() and posix_acl_{g,s}etxattr_idmapped_mnt()
> the fs_idmapping matters.
> 
> acl_permission_check():
>   During lookup POSIX ACLs are retrieved directly via i_op->get_acl() and
>   are returned via the kernel internal struct posix_acl which contains
>   e_{g,u}id members of type k{g,u}id_t that already take the
>   fs_idmapping into acccount.
> 
>   For example, a POSIX ACL stored with u4 on the backing store is mapped
>   to k10000004 in the fs_idmapping. The mnt_idmapping remaps the POSIX ACL
>   to k20000004. In order to do that the fs_idmapping needs to be taken
>   into account but that doesn't happen yet (Again, this is a
>   counterfactual currently as fuse doesn't support idmapped mounts
>   currently. It's just used as a convenient example.):
> 
>   fs_idmapping:  u0:k10000000:r65536
>   mnt_idmapping: u0:v20000000:r65536
>   ACL_USER:      k10000004
> 
>   acl_permission_check()
>   -> check_acl()
>      -> get_acl()
>         -> i_op->get_acl() == fuse_get_acl()
>            -> posix_acl_from_xattr(u0:k10000000:r65536 /* fs_idmapping */, ...)
>               {
>                       k10000004 = make_kuid(u0:k10000000:r65536 /* fs_idmapping */,
>                                             u4 /* ACL_USER */);
>               }
>      -> posix_acl_permission()
>         {
>                 -1 = make_vfsuid(u0:v20000000:r65536 /* mnt_idmapping */,
>                                  &init_user_ns,
>                                  k10000004);
>                 vfsuid_eq_kuid(-1, k10000004 /* caller_fsuid */)
>         }
> 
>   In order to correctly map from the fs_idmapping into mnt_idmapping we
>   require the relevant fs_idmaping to be passed:
> 
>   acl_permission_check()
>   -> check_acl()
>      -> get_acl()
>         -> i_op->get_acl() == fuse_get_acl()
>            -> posix_acl_from_xattr(u0:k10000000:r65536 /* fs_idmapping */, ...)
>               {
>                       k10000004 = make_kuid(u0:k10000000:r65536 /* fs_idmapping */,
>                                             u4 /* ACL_USER */);
>               }
>      -> posix_acl_permission()
>         {
>                 v20000004 = make_vfsuid(u0:v20000000:r65536 /* mnt_idmapping */,
>                                         u0:k10000000:r65536 /* fs_idmapping */,
>                                         k10000004);
>                 vfsuid_eq_kuid(v20000004, k10000004 /* caller_fsuid */)
>         }
> 
>   The initial_idmapping is only correct for the current situation because
>   all filesystems that currently support idmapped mounts do not support
>   being mounted with an fs_idmapping.
> 
>   Note that ovl_get_acl() is used to retrieve the POSIX ACLs from the
>   relevant lower layer and the lower layer's mnt_idmapping needs to be
>   taken into account and so does the fs_idmapping. See 0c5fd887d2bb ("acl:
>   move idmapped mount fixup into vfs_{g,s}etxattr()") for more details.
> 
> For posix_acl_{g,s}etxattr_idmapped_mnt() it is not as obvious why the
> fs_idmapping matters as it is for acl_permission_check(). Especially
> because it doesn't matter for posix_acl_fix_xattr_{from,to}_user() (See
> [1] for more context.).
> 
> Because posix_acl_{g,s}etxattr_idmapped_mnt() operate on the uapi
> struct posix_acl_xattr_entry which contains {g,u}id_t values and thus
> give the impression that the fs_idmapping is irrelevant as at this point
> appropriate {g,u}id_t values have seemlingly been generated.
> 
> As we've stated multiple times this assumption is wrong and in fact the
> uapi struct posix_acl_xattr_entry is taking idmappings into account
> depending at what place it is operated on.
> 
> posix_acl_getxattr_idmapped_mnt()
>   When posix_acl_getxattr_idmapped_mnt() is called the values stored in
>   the uapi struct posix_acl_xattr_entry are mapped according to the
>   fs_idmapping. This happened when they were read from the backing store
>   and then translated from struct posix_acl into the uapi
>   struct posix_acl_xattr_entry during posix_acl_to_xattr().
> 
>   In other words, the fs_idmapping matters as the values stored as
>   {g,u}id_t in the uapi struct posix_acl_xattr_entry have been generated
>   by it.
> 
>   So we need to take the fs_idmapping into account during make_vfsuid()
>   in posix_acl_getxattr_idmapped_mnt().
> 
> posix_acl_setxattr_idmapped_mnt()
>   When posix_acl_setxattr_idmapped_mnt() is called the values stored as
>   {g,u}id_t in uapi struct posix_acl_xattr_entry are intended to be the
>   values that ultimately get turned back into a k{g,u}id_t in
>   posix_acl_from_xattr() (which turns the uapi
>   struct posix_acl_xattr_entry into the kernel internal struct posix_acl).
> 
>   In other words, the fs_idmapping matters as the values stored as
>   {g,u}id_t in the uapi struct posix_acl_xattr_entry are intended to be
>   the values that will be undone in the fs_idmapping when writing to the
>   backing store.
> 
>   So we need to take the fs_idmapping into account during from_vfsuid()
>   in posix_acl_setxattr_idmapped_mnt().
> 
> Link: https://lore.kernel.org/all/20220801145520.1532837-1-brauner@kernel.org [1]
> Fixes: 0c5fd887d2bb ("acl: move idmapped mount fixup into vfs_{g,s}etxattr()")
> Cc: Seth Forshee <sforshee@digitalocean.com>
> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>

Looks good to me.

Reviewed-by: Seth Forshee <sforshee@digitalocean.com>

> ---
>  fs/overlayfs/inode.c | 11 +++++++----
>  fs/posix_acl.c       | 15 +++++++++------
>  2 files changed, 16 insertions(+), 10 deletions(-)
> 
> diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
> index b45fea69fff3..0fbcb590af84 100644
> --- a/fs/overlayfs/inode.c
> +++ b/fs/overlayfs/inode.c
> @@ -460,9 +460,12 @@ ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
>   * of the POSIX ACLs retrieved from the lower layer to this function to not
>   * alter the POSIX ACLs for the underlying filesystem.
>   */
> -static void ovl_idmap_posix_acl(struct user_namespace *mnt_userns,
> +static void ovl_idmap_posix_acl(struct inode *realinode,
> +				struct user_namespace *mnt_userns,
>  				struct posix_acl *acl)
>  {
> +	struct user_namespace *fs_userns = i_user_ns(realinode);
> +
>  	for (unsigned int i = 0; i < acl->a_count; i++) {
>  		vfsuid_t vfsuid;
>  		vfsgid_t vfsgid;
> @@ -470,11 +473,11 @@ static void ovl_idmap_posix_acl(struct user_namespace *mnt_userns,
>  		struct posix_acl_entry *e = &acl->a_entries[i];
>  		switch (e->e_tag) {
>  		case ACL_USER:
> -			vfsuid = make_vfsuid(mnt_userns, &init_user_ns, e->e_uid);
> +			vfsuid = make_vfsuid(mnt_userns, fs_userns, e->e_uid);
>  			e->e_uid = vfsuid_into_kuid(vfsuid);
>  			break;
>  		case ACL_GROUP:
> -			vfsgid = make_vfsgid(mnt_userns, &init_user_ns, e->e_gid);
> +			vfsgid = make_vfsgid(mnt_userns, fs_userns, e->e_gid);
>  			e->e_gid = vfsgid_into_kgid(vfsgid);
>  			break;
>  		}
> @@ -536,7 +539,7 @@ struct posix_acl *ovl_get_acl(struct inode *inode, int type, bool rcu)
>  	if (!clone)
>  		clone = ERR_PTR(-ENOMEM);
>  	else
> -		ovl_idmap_posix_acl(mnt_user_ns(realpath.mnt), clone);
> +		ovl_idmap_posix_acl(realinode, mnt_user_ns(realpath.mnt), clone);
>  	/*
>  	 * Since we're not in RCU path walk we always need to release the
>  	 * original ACLs.
> diff --git a/fs/posix_acl.c b/fs/posix_acl.c
> index 1d17d7b13dcd..5af33800743e 100644
> --- a/fs/posix_acl.c
> +++ b/fs/posix_acl.c
> @@ -361,6 +361,7 @@ posix_acl_permission(struct user_namespace *mnt_userns, struct inode *inode,
>  		     const struct posix_acl *acl, int want)
>  {
>  	const struct posix_acl_entry *pa, *pe, *mask_obj;
> +	struct user_namespace *fs_userns = i_user_ns(inode);
>  	int found = 0;
>  	vfsuid_t vfsuid;
>  	vfsgid_t vfsgid;
> @@ -376,7 +377,7 @@ posix_acl_permission(struct user_namespace *mnt_userns, struct inode *inode,
>                                          goto check_perm;
>                                  break;
>                          case ACL_USER:
> -				vfsuid = make_vfsuid(mnt_userns, &init_user_ns,
> +				vfsuid = make_vfsuid(mnt_userns, fs_userns,
>  						     pa->e_uid);
>  				if (vfsuid_eq_kuid(vfsuid, current_fsuid()))
>                                          goto mask;
> @@ -390,7 +391,7 @@ posix_acl_permission(struct user_namespace *mnt_userns, struct inode *inode,
>                                  }
>  				break;
>                          case ACL_GROUP:
> -				vfsgid = make_vfsgid(mnt_userns, &init_user_ns,
> +				vfsgid = make_vfsgid(mnt_userns, fs_userns,
>  						     pa->e_gid);
>  				if (vfsgid_in_group_p(vfsgid)) {
>  					found = 1;
> @@ -736,6 +737,7 @@ void posix_acl_getxattr_idmapped_mnt(struct user_namespace *mnt_userns,
>  {
>  	struct posix_acl_xattr_header *header = value;
>  	struct posix_acl_xattr_entry *entry = (void *)(header + 1), *end;
> +	struct user_namespace *fs_userns = i_user_ns(inode);
>  	int count;
>  	vfsuid_t vfsuid;
>  	vfsgid_t vfsgid;
> @@ -753,13 +755,13 @@ void posix_acl_getxattr_idmapped_mnt(struct user_namespace *mnt_userns,
>  		switch (le16_to_cpu(entry->e_tag)) {
>  		case ACL_USER:
>  			uid = make_kuid(&init_user_ns, le32_to_cpu(entry->e_id));
> -			vfsuid = make_vfsuid(mnt_userns, &init_user_ns, uid);
> +			vfsuid = make_vfsuid(mnt_userns, fs_userns, uid);
>  			entry->e_id = cpu_to_le32(from_kuid(&init_user_ns,
>  						vfsuid_into_kuid(vfsuid)));
>  			break;
>  		case ACL_GROUP:
>  			gid = make_kgid(&init_user_ns, le32_to_cpu(entry->e_id));
> -			vfsgid = make_vfsgid(mnt_userns, &init_user_ns, gid);
> +			vfsgid = make_vfsgid(mnt_userns, fs_userns, gid);
>  			entry->e_id = cpu_to_le32(from_kgid(&init_user_ns,
>  						vfsgid_into_kgid(vfsgid)));
>  			break;
> @@ -775,6 +777,7 @@ void posix_acl_setxattr_idmapped_mnt(struct user_namespace *mnt_userns,
>  {
>  	struct posix_acl_xattr_header *header = value;
>  	struct posix_acl_xattr_entry *entry = (void *)(header + 1), *end;
> +	struct user_namespace *fs_userns = i_user_ns(inode);
>  	int count;
>  	vfsuid_t vfsuid;
>  	vfsgid_t vfsgid;
> @@ -793,13 +796,13 @@ void posix_acl_setxattr_idmapped_mnt(struct user_namespace *mnt_userns,
>  		case ACL_USER:
>  			uid = make_kuid(&init_user_ns, le32_to_cpu(entry->e_id));
>  			vfsuid = VFSUIDT_INIT(uid);
> -			uid = from_vfsuid(mnt_userns, &init_user_ns, vfsuid);
> +			uid = from_vfsuid(mnt_userns, fs_userns, vfsuid);
>  			entry->e_id = cpu_to_le32(from_kuid(&init_user_ns, uid));
>  			break;
>  		case ACL_GROUP:
>  			gid = make_kgid(&init_user_ns, le32_to_cpu(entry->e_id));
>  			vfsgid = VFSGIDT_INIT(gid);
> -			gid = from_vfsgid(mnt_userns, &init_user_ns, vfsgid);
> +			gid = from_vfsgid(mnt_userns, fs_userns, vfsgid);
>  			entry->e_id = cpu_to_le32(from_kgid(&init_user_ns, gid));
>  			break;
>  		default:
> 
> base-commit: 568035b01cfb107af8d2e4bd2fb9aea22cf5b868
> -- 
> 2.34.1
>