}
 EXPORT_SYMBOL(read_code);
 
+/*
+ * Maps the mm_struct mm into the current task struct.
+ * On success, this function returns with the mutex
+ * exec_update_mutex locked.
+ */
 static int exec_mmap(struct mm_struct *mm)
 {
        struct task_struct *tsk;
        struct mm_struct *old_mm, *active_mm;
+       int ret;
 
        /* Notify parent that we're no longer interested in the old VM */
        tsk = current;
        old_mm = current->mm;
        exec_mm_release(tsk, old_mm);
 
+       ret = mutex_lock_killable(&tsk->signal->exec_update_mutex);
+       if (ret)
+               return ret;
+
        if (old_mm) {
                sync_mm_rss(old_mm);
                /*
                down_read(&old_mm->mmap_sem);
                if (unlikely(old_mm->core_state)) {
                        up_read(&old_mm->mmap_sem);
+                       mutex_unlock(&tsk->signal->exec_update_mutex);
                        return -EINTR;
                }
        }
+
        task_lock(tsk);
        active_mm = tsk->active_mm;
        membarrier_exec_mmap(mm);
                goto out;
 
        /*
-        * After clearing bprm->mm (to mark that current is using the
-        * prepared mm now), we have nothing left of the original
+        * After setting bprm->called_exec_mmap (to mark that current is
+        * using the prepared mm now), we have nothing left of the original
         * process. If anything from here on returns an error, the check
         * in search_binary_handler() will SEGV current.
         */
+       bprm->called_exec_mmap = 1;
        bprm->mm = NULL;
 
 #ifdef CONFIG_POSIX_TIMERS
 {
        free_arg_pages(bprm);
        if (bprm->cred) {
+               if (bprm->called_exec_mmap)
+                       mutex_unlock(¤t->signal->exec_update_mutex);
                mutex_unlock(¤t->signal->cred_guard_mutex);
                abort_creds(bprm->cred);
        }
         * credentials; any time after this it may be unlocked.
         */
        security_bprm_committed_creds(bprm);
+       mutex_unlock(¤t->signal->exec_update_mutex);
        mutex_unlock(¤t->signal->cred_guard_mutex);
 }
 EXPORT_SYMBOL(install_exec_creds);
 
                read_lock(&binfmt_lock);
                put_binfmt(fmt);
-               if (retval < 0 && !bprm->mm) {
+               if (retval < 0 && bprm->called_exec_mmap) {
                        /* we got to flush_old_exec() and failed after it */
                        read_unlock(&binfmt_lock);
                        force_sigsegv(SIGSEGV);
 
 
        struct mutex cred_guard_mutex;  /* guard against foreign influences on
                                         * credential calculations
-                                        * (notably. ptrace) */
+                                        * (notably. ptrace)
+                                        * Deprecated do not use in new code.
+                                        * Use exec_update_mutex instead.
+                                        */
+       struct mutex exec_update_mutex; /* Held while task_struct is being
+                                        * updated during exec, and may have
+                                        * inconsistent permissions.
+                                        */
 } __randomize_layout;
 
 /*
 
        .multiprocess   = HLIST_HEAD_INIT,
        .rlim           = INIT_RLIMITS,
        .cred_guard_mutex = __MUTEX_INITIALIZER(init_signals.cred_guard_mutex),
+       .exec_update_mutex = __MUTEX_INITIALIZER(init_signals.exec_update_mutex),
 #ifdef CONFIG_POSIX_TIMERS
        .posix_timers = LIST_HEAD_INIT(init_signals.posix_timers),
        .cputimer       = {