diff --git a/[refs] b/[refs]
index 0049d8e3a748..f0335d8a318c 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: c9bfcb3151040cff6714542d1da04ccd7e2d3efc
+refs/heads/master: 4cd1a8fc3d3cd740416b14ece2693dbb5d065eaf
diff --git a/trunk/fs/exec.c b/trunk/fs/exec.c
index aeaa9791d8be..1f8a24aa1f8b 100644
--- a/trunk/fs/exec.c
+++ b/trunk/fs/exec.c
@@ -736,7 +736,7 @@ static int exec_mmap(struct mm_struct *mm)
 	tsk->active_mm = mm;
 	activate_mm(active_mm, mm);
 	task_unlock(tsk);
-	mm_update_next_owner(mm);
+	mm_update_next_owner(old_mm);
 	arch_pick_mmap_layout(mm);
 	if (old_mm) {
 		up_read(&old_mm->mmap_sem);
diff --git a/trunk/include/linux/mm_types.h b/trunk/include/linux/mm_types.h
index eb7c16cc9559..02a27ae78539 100644
--- a/trunk/include/linux/mm_types.h
+++ b/trunk/include/linux/mm_types.h
@@ -226,8 +226,17 @@ struct mm_struct {
 	rwlock_t		ioctx_list_lock;	/* aio lock */
 	struct kioctx		*ioctx_list;
 #ifdef CONFIG_MM_OWNER
-	struct task_struct *owner;	/* The thread group leader that */
-					/* owns the mm_struct.		*/
+	/*
+	 * "owner" points to a task that is regarded as the canonical
+	 * user/owner of this mm. All of the following must be true in
+	 * order for it to be changed:
+	 *
+	 * current == mm->owner
+	 * current->mm != mm
+	 * new_owner->mm == mm
+	 * new_owner->alloc_lock is held
+	 */
+	struct task_struct *owner;
 #endif
 
 #ifdef CONFIG_PROC_FS