diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h
index 4c1acfca05e910e26f98c01f535580819b2014b7..9adac5d99dface43bdaf5ceed9d3df2ee23bb116 100644
--- a/security/apparmor/include/context.h
+++ b/security/apparmor/include/context.h
@@ -162,8 +162,6 @@ static inline void aa_end_current_label(struct aa_label *label)
  *   just return the up to date label
  *
  * The returned reference must be put with aa_end_current_label()
- * This must NOT be used if the task cred could be updated within the
- * critical section between aa_begin_current_label() .. aa_end_current_label()
  */
 static inline struct aa_label *aa_begin_current_label(bool update)
 {
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 4b8602d7d4a0a04f88cc642754055d2d41c3d545..a866a0b45ac211a7d20d4341ef94f0191128f916 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -580,10 +580,10 @@ static int apparmor_sb_pivotroot(struct path *old_path, struct path *new_path)
 	struct aa_label *label;
 	int error = 0;
 
-	label = aa_get_current_label();
+	label = aa_begin_current_label(NO_UPDATE);
 	if (!unconfined(label))
 		error = aa_pivotroot(label, old_path, new_path);
-	aa_put_label(label);
+	aa_end_current_label(label);
 
 	return error;
 }