This looks good to me overall. It might be worth slicing it into two or more patches, just for bisect paranoia. (e.g. PF_KTHREAD; task_lock in ptrace_attach; task_lock in ptrace_traceme.)
I think it merits a comment that the PF_KTHREAD check does not need any interlock because daemonize() will detach ptrace via reparent_to_kthreadd() after it sets PF_KTHREAD. (vs the old ->mm check under task_lock.) It is worth noting that this changes the security_ptrace_traceme() call so it's no longer under task_lock(). I can't see any way the LSM hooks care, but it is a change. You also didn't mention the s/|=/=/ changes. Those are correct, we've already agreed, but the commit log should mention that this subtle change was intentional. Thanks, Roland