diff --git a/ipc/msg.c b/ipc/msg.c
index 9f29d9e..a512829 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -687,14 +687,6 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
 		if (ipcperms(ns, &msq->q_perm, S_IWUGO))
 			goto out_unlock1;
 
-		err = security_msg_queue_msgsnd(msq, msg, msgflg);
-		if (err)
-			goto out_unlock1;
-
-		if (msgsz + msq->q_cbytes <= msq->q_qbytes &&
-				1 + msq->q_qnum <= msq->q_qbytes) {
-			break;
-		}
 
 		/* queue full, wait: */
 		if (msgflg & IPC_NOWAIT) {
@@ -703,6 +695,10 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
 		}
 
 		ipc_lock_object(&msq->q_perm);
+		err = security_msg_queue_msgsnd(msq, msg, msgflg);
+		if (err)
+			goto out_unlock0;
+
 		ss_add(msq, &s);
 
 		if (!ipc_rcu_getref(msq)) {
@@ -734,6 +730,12 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
 		}
 
 		ipc_lock_object(&msq->q_perm);
+
+		if (!(msgsz + msq->q_cbytes <= msq->q_qbytes &&
+				1 + msq->q_qnum <= msq->q_qbytes)) {
+			goto out_unlock0;
+		}
+
 		msq->q_lspid = task_tgid_vnr(current);
 		msq->q_stime = get_seconds();
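Review bot: Removing the capacity check together with its `break` in the first hunk leaves the `for (;;)` loop with no success exit, so on the very first pass every sender falls into the `/* queue full, wait: */` path even when the queue has room: an IPC_NOWAIT caller is refused before any check has run, and a blocking caller is put on the sender list via `ss_add()` and sleeps before the queue was ever found full. The check is re-added after the loop in the last hunk (which continues outside SOURCE), but there it bails out with `goto out_unlock0;` without assigning `err`; the last visible assignment is the `security_msg_queue_msgsnd()` result, which is 0 on that path, so a full queue would apparently report success to the caller while the message is never enqueued. The check should stay inside the loop, under the lock and right after the relocated security hook in the second hunk, so the wait-and-retry semantics are kept, and the IPC_NOWAIT test then belongs after `ipc_lock_object()` as well (its error path would have to use out_unlock0); any remaining full-queue exit after the loop must set `err` explicitly, e.g. `err = -EAGAIN;` before the goto. do_msgsnd's body begins before the first hunk and ends after the last one.
```c
		ipc_lock_object(&msq->q_perm);
		err = security_msg_queue_msgsnd(msq, msg, msgflg);
		if (err)
			goto out_unlock0;

		if (msgsz + msq->q_cbytes <= msq->q_qbytes &&
				1 + msq->q_qnum <= msq->q_qbytes)
			break;

		/* … unchanged: IPC_NOWAIT handling (now under the lock, exiting via out_unlock0), ss_add() and the sleep … */
```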