1 files changed, 6 insertions, 4 deletions

diff --git a/kernel/signal.c b/kernel/signal.c
index 84989124bafb..2a64304ed54b 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -180,7 +180,7 @@ int next_signal(struct sigpending *pending, sigset_t *mask)
 /*
  * allocate a new signal queue record
  * - this may be called without locks if and only if t == current, otherwise an
- *   appopriate lock must be held to protect t's user_struct
+ *   appopriate lock must be held to stop the target task from exiting
  */
 static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags,
                                          int override_rlimit)
@@ -194,7 +194,7 @@ static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags,
          * caller must be holding the RCU readlock (by way of a spinlock) and
          * we use RCU protection here
          */
-        user = __task_cred(t)->user;
+        user = get_uid(__task_cred(t)->user);
         atomic_inc(&user->sigpending);
         if (override_rlimit ||
             atomic_read(&user->sigpending) <=
@@ -202,12 +202,14 @@ static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags,
                 q = kmem_cache_alloc(sigqueue_cachep, flags);
         if (unlikely(q == NULL)) {
                 atomic_dec(&user->sigpending);
+                free_uid(user);
         } else {
                 INIT_LIST_HEAD(&q->list);
                 q->flags = 0;
-                q->user = get_uid(user);
+                q->user = user;
         }
-        return(q);
+
+        return q;
 }
 
 static void __sigqueue_free(struct sigqueue *q)