1 files changed, 16 insertions, 18 deletions

diff --git a/kernel/fork.c b/kernel/fork.c
index 4a2080b968c8..f7403e1fb0d4 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2108,28 +2108,26 @@ static int __pidfd_prepare(struct pid *pid, unsigned int flags, struct file **re
  */
 int pidfd_prepare(struct pid *pid, unsigned int flags, struct file **ret)
 {
-	int err = 0;
-
-	if (!(flags & PIDFD_THREAD)) {
+	/*
+	 * While holding the pidfd waitqueue lock removing the task
+	 * linkage for the thread-group leader pid (PIDTYPE_TGID) isn't
+	 * possible. Thus, if there's still task linkage for PIDTYPE_PID
+	 * not having thread-group leader linkage for the pid means it
+	 * wasn't a thread-group leader in the first place.
+	 */
+	scoped_guard(spinlock_irq, &pid->wait_pidfd.lock) {
+		/* Task has already been reaped. */
+		if (!pid_has_task(pid, PIDTYPE_PID))
+			return -ESRCH;
 		/*
-		 * If this is struct pid isn't used as a thread-group
-		 * leader pid but the caller requested to create a
-		 * thread-group leader pidfd then report ENOENT to the
-		 * caller as a hint.
+		 * If this struct pid isn't used as a thread-group
+		 * leader but the caller requested to create a
+		 * thread-group leader pidfd then report ENOENT.
 		 */
-		if (!pid_has_task(pid, PIDTYPE_TGID))
-			err = -ENOENT;
+		if (!(flags & PIDFD_THREAD) && !pid_has_task(pid, PIDTYPE_TGID))
+			return -ENOENT;
 	}
 
-	/*
-	 * If this wasn't a thread-group leader struct pid or the task
-	 * got reaped in the meantime report -ESRCH to userspace.
-	 */
-	if (!pid_has_task(pid, PIDTYPE_PID))
-		err = -ESRCH;
-	if (err)
-		return err;
-
 	return __pidfd_prepare(pid, flags, ret);
 }