1 files changed, 4 insertions, 4 deletions
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index edc452c2a563..59d47ab0791a 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -205,7 +205,7 @@ posix_acl_clone(const struct posix_acl *acl, gfp_t flags)
 * Check if an acl is valid. Returns 0 if it is, or -E... otherwise.
 */
 int
-posix_acl_valid(const struct posix_acl *acl)
+posix_acl_valid(struct user_namespace *user_ns, const struct posix_acl *acl)
 {
        const struct posix_acl_entry *pa, *pe;
        int state = ACL_USER_OBJ;
@@ -225,7 +225,7 @@ posix_acl_valid(const struct posix_acl *acl)
                        case ACL_USER:
                                if (state != ACL_USER)
                                        return -EINVAL;
-                                if (!uid_valid(pa->e_uid))
+                                if (!kuid_has_mapping(user_ns, pa->e_uid))
                                        return -EINVAL;
                                needs_mask = 1;
                                break;
@@ -240,7 +240,7 @@ posix_acl_valid(const struct posix_acl *acl)
                        case ACL_GROUP:
                                if (state != ACL_GROUP)
                                        return -EINVAL;
-                                if (!gid_valid(pa->e_gid))
+                                if (!kgid_has_mapping(user_ns, pa->e_gid))
                                        return -EINVAL;
                                needs_mask = 1;
                                break;
@@ -834,7 +834,7 @@ set_posix_acl(struct inode *inode, int type, struct posix_acl *acl)
                return -EPERM;
        if (acl) {
-                int ret = posix_acl_valid(acl);
+                int ret = posix_acl_valid(inode->i_sb->s_user_ns, acl);
                if (ret)
                        return ret;
        }

diff --git a/fs/posix_acl.c b/fs/posix_acl.c index edc452c2a563..59d47ab0791a 100644 --- a/fs/posix_acl.c +++ b/fs/posix_acl.c
@@ -205,7 +205,7 @@ posix_acl_clone(const struct posix_acl *acl, gfp_t flags)
205	* Check if an acl is valid. Returns 0 if it is, or -E... otherwise.	205	* Check if an acl is valid. Returns 0 if it is, or -E... otherwise.
206	*/	206	*/
207	int	207	int
208	posix_acl_valid(const struct posix_acl *acl)	208	posix_acl_valid(struct user_namespace user_ns, const struct posix_acl acl)
209	{	209	{
210	const struct posix_acl_entry pa, pe;	210	const struct posix_acl_entry pa, pe;
211	int state = ACL_USER_OBJ;	211	int state = ACL_USER_OBJ;
@@ -225,7 +225,7 @@ posix_acl_valid(const struct posix_acl *acl)
225	case ACL_USER:	225	case ACL_USER:
226	if (state != ACL_USER)	226	if (state != ACL_USER)
227	return -EINVAL;	227	return -EINVAL;
228	if (!uid_valid(pa->e_uid))	228	if (!kuid_has_mapping(user_ns, pa->e_uid))
229	return -EINVAL;	229	return -EINVAL;
230	needs_mask = 1;	230	needs_mask = 1;
231	break;	231	break;
@@ -240,7 +240,7 @@ posix_acl_valid(const struct posix_acl *acl)
240	case ACL_GROUP:	240	case ACL_GROUP:
241	if (state != ACL_GROUP)	241	if (state != ACL_GROUP)
242	return -EINVAL;	242	return -EINVAL;
243	if (!gid_valid(pa->e_gid))	243	if (!kgid_has_mapping(user_ns, pa->e_gid))
244	return -EINVAL;	244	return -EINVAL;
245	needs_mask = 1;	245	needs_mask = 1;
246	break;	246	break;
@@ -834,7 +834,7 @@ set_posix_acl(struct inode inode, int type, struct posix_acl acl)
834	return -EPERM;	834	return -EPERM;
835		835
836	if (acl) {	836	if (acl) {
837	int ret = posix_acl_valid(acl);	837	int ret = posix_acl_valid(inode->i_sb->s_user_ns, acl);
838	if (ret)	838	if (ret)
839	return ret;	839	return ret;
840	}	840	}