diff --git a/[refs] b/[refs]
index 16b698b943d1..b35e13bcf7d2 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 80491eb90c750fcd7d13830062f27ae9b7cc5f75
+refs/heads/master: 45c18b0bb579b5c1b89f8c99f1b6ffa4c586ba08
diff --git a/trunk/kernel/user.c b/trunk/kernel/user.c
index 6408c0424291..220e586127a0 100644
--- a/trunk/kernel/user.c
+++ b/trunk/kernel/user.c
@@ -187,6 +187,17 @@ void switch_uid(struct user_struct *new_user)
 	atomic_dec(&old_user->processes);
 	switch_uid_keyring(new_user);
 	current->user = new_user;
+
+	/*
+	 * We need to synchronize with __sigqueue_alloc()
+	 * doing a get_uid(p->user).. If that saw the old
+	 * user value, we need to wait until it has exited
+	 * its critical region before we can free the old
+	 * structure.
+	 */
+	smp_mb();
+	spin_unlock_wait(&current->sighand->siglock);
+
 	free_uid(old_user);
 	suid_keys(current);
 }