1 files changed, 9 insertions, 3 deletions

diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index 2663145d1197..23414b93771f 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -298,14 +298,18 @@ int yama_ptrace_access_check(struct task_struct *child,
                         /* No additional restrictions. */
                         break;
                 case YAMA_SCOPE_RELATIONAL:
+                        rcu_read_lock();
                         if (!task_is_descendant(current, child) &&
                             !ptracer_exception_found(current, child) &&
-                            !ns_capable(task_user_ns(child), CAP_SYS_PTRACE))
+                            !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))
                                 rc = -EPERM;
+                        rcu_read_unlock();
                         break;
                 case YAMA_SCOPE_CAPABILITY:
-                        if (!ns_capable(task_user_ns(child), CAP_SYS_PTRACE))
+                        rcu_read_lock();
+                        if (!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))
                                 rc = -EPERM;
+                        rcu_read_unlock();
                         break;
                 case YAMA_SCOPE_NO_ATTACH:
                 default:
@@ -343,8 +347,10 @@ int yama_ptrace_traceme(struct task_struct *parent)
         /* Only disallow PTRACE_TRACEME on more aggressive settings. */
         switch (ptrace_scope) {
         case YAMA_SCOPE_CAPABILITY:
-                if (!ns_capable(task_user_ns(parent), CAP_SYS_PTRACE))
+                rcu_read_lock();
+                if (!ns_capable(__task_cred(parent)->user_ns, CAP_SYS_PTRACE))
                         rc = -EPERM;
+                rcu_read_unlock();
                 break;
         case YAMA_SCOPE_NO_ATTACH:
                 rc = -EPERM;