--- /dev/null
+From 16c06d419ec62adc29be4a053c6a62eeeb4f6ca7 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Wed, 15 Jun 2016 14:18:59 +0200
+Subject: ovl: fix uid/gid when creating over whiteout
+
+[ Upstream commit d0e13f5bbe4be7c8f27736fc40503dcec04b7de0 ]
+
+Fix a regression when creating a file over a whiteout. The new
+file/directory needs to use the current fsuid/fsgid, not the ones from the
+mounter's credentials.
+
+The refcounting is a bit tricky: prepare_creds() sets an original refcount,
+override_creds() gets one more, which revert_cred() drops. So
+
+ 1) we need to expicitly put the mounter's credentials when overriding
+ with the updated one
+
+ 2) we need to put the original ref to the updated creds (and this can
+ safely be done before revert_creds(), since we'll still have the ref
+ from override_creds()).
+
+Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
+Fixes: 3fe6e52f0626 ("ovl: override creds with the ones from the superblock mounter")
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Sasha Levin (Microsoft) <sashal@kernel.org>
+---
+ fs/overlayfs/dir.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
+index f8aa54272121..eedacae889b9 100644
+--- a/fs/overlayfs/dir.c
++++ b/fs/overlayfs/dir.c
+@@ -408,12 +408,21 @@ static int ovl_create_or_link(struct dentry *dentry, int mode, dev_t rdev,
+ err = ovl_create_upper(dentry, inode, &stat, link, hardlink);
+ } else {
+ const struct cred *old_cred;
++ struct cred *override_cred;
+
+ old_cred = ovl_override_creds(dentry->d_sb);
+
+- err = ovl_create_over_whiteout(dentry, inode, &stat, link,
+- hardlink);
++ err = -ENOMEM;
++ override_cred = prepare_creds();
++ if (override_cred) {
++ override_cred->fsuid = old_cred->fsuid;
++ override_cred->fsgid = old_cred->fsgid;
++ put_cred(override_creds(override_cred));
++ put_cred(override_cred);
+
++ err = ovl_create_over_whiteout(dentry, inode, &stat,
++ link, hardlink);
++ }
+ revert_creds(old_cred);
+ }
+
+--
+2.19.1
+