From ef8b65fb496fb563bab7e804990123feb3cae6c4 Mon Sep 17 00:00:00 2001
From: Linus Torvalds <torvalds@g5.osdl.org>
Date: Sat, 4 Nov 2006 10:06:02 -0800
Subject: [PATCH] --- yaml --- r: 40695 b: refs/heads/master c:
 45c18b0bb579b5c1b89f8c99f1b6ffa4c586ba08 h: refs/heads/master i:   40693:
 b4bef51311fe7274c3012ce53f597176da4430f3   40691:
 f7356bf1c6e7218edcae3c50897ce19f5dc58a30   40687:
 02e350f4544e804142ce0b27b1e805106d7d3094 v: v3

---
 [refs]              |  2 +-
 trunk/kernel/user.c | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/[refs] b/[refs]
index 16b698b943d1..b35e13bcf7d2 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 80491eb90c750fcd7d13830062f27ae9b7cc5f75
+refs/heads/master: 45c18b0bb579b5c1b89f8c99f1b6ffa4c586ba08
diff --git a/trunk/kernel/user.c b/trunk/kernel/user.c
index 6408c0424291..220e586127a0 100644
--- a/trunk/kernel/user.c
+++ b/trunk/kernel/user.c
@@ -187,6 +187,17 @@ void switch_uid(struct user_struct *new_user)
 	atomic_dec(&old_user->processes);
 	switch_uid_keyring(new_user);
 	current->user = new_user;
+
+	/*
+	 * We need to synchronize with __sigqueue_alloc()
+	 * doing a get_uid(p->user).. If that saw the old
+	 * user value, we need to wait until it has exited
+	 * its critical region before we can free the old
+	 * structure.
+	 */
+	smp_mb();
+	spin_unlock_wait(&current->sighand->siglock);
+
 	free_uid(old_user);
 	suid_keys(current);
 }