Re: [PATCH v2] /dev/mem: Revoke mappings when a driver claims the region

[Matthew Wilcox]

On Tue, May 19, 2020 at 12:03:06AM -0700, Dan Williams wrote:
> +void revoke_devmem(struct resource *res)
> +{
> +	struct inode *inode = READ_ONCE(devmem_inode);
> +
> +	/*
> +	 * Check that the initialization has completed. Losing the race
> +	 * is ok because it means drivers are claiming resources before
> +	 * the fs_initcall level of init and prevent /dev/mem from
> +	 * establishing mappings.
> +	 */
> +	smp_rmb();
> +	if (!inode)
> +		return;

Which wmb() is this pairing with?

> +static int devmem_init_inode(void)
> +{
> +	static struct vfsmount *devmem_vfs_mount;
> +	static int devmem_fs_cnt;
> +	struct inode *inode;
> +	int rc;
> +
> +	rc = simple_pin_fs(&devmem_fs_type, &devmem_vfs_mount, &devmem_fs_cnt);
> +	if (rc < 0) {
> +		pr_err("Cannot mount /dev/mem pseudo filesystem: %d\n", rc);
> +		return rc;
> +	}
> +
> +	inode = alloc_anon_inode(devmem_vfs_mount->mnt_sb);
> +	if (IS_ERR(inode)) {
> +		rc = PTR_ERR(inode);
> +		pr_err("Cannot allocate inode for /dev/mem: %d\n", rc);
> +		simple_release_fs(&devmem_vfs_mount, &devmem_fs_cnt);
> +		return rc;
> +	}
> +
> +	/* publish /dev/mem initialized */
> +	WRITE_ONCE(devmem_inode, inode);
> +	smp_wmb();
> +
> +	return 0;

... is that this one?  I don't see what it's guarding against.  Surely if
it's needed to ensure that the writes to 'inode' have happened before
the write of the inode pointer, the smp_wmb() needs to be before the
WRITE_ONCE, not after it?