The rest of the vmsplice() exploit story
Posted Mar 5, 2008 21:22 UTC (Wed) by PaXTeam (guest, #24616)
Parent article: The rest of the vmsplice() exploit story
Good job Jon, now only one thing is missing: the behaviour on 32-bit vs. 64-bit archs (in practice that'd be i386 vs. amd64). The issue here becomes clear when one looks at struct partial_page and realizes that its first two members are int, not long; therefore when treating them as a struct page *, the userland address the kernel will go to isn't a mere NULL or PAGE_SIZE anymore (something mmap_min_addr could have protected against) but a high enough address that makes it indefensible.
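The layout point in the comment above is easy to check with a small model of the struct. The following C program is an added illustration, not code from the comment, from LWN or from the kernel: it declares a struct with the same leading layout as the kernel's struct partial_page (two 32-bit ints; the field names and the trailing unsigned long are assumed from the comment), then reads its first pointer-sized bytes once as a 32-bit pointer and once as a 64-bit pointer, the way a bogus struct page * would be formed on i386 and amd64 respectively. It assumes a little-endian host (true for both i386 and amd64) and uses a constructed mmap_min_addr value of 65536 to show which of the two results that sysctl could have caught.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Leading layout of struct partial_page as described in the comment:
 * two ints. The kernel struct also has an unsigned long 'private' after
 * them, but it lies beyond the first eight bytes and plays no part here.
 * Field names are assumptions for this illustration. */
struct partial_page_model {
    uint32_t offset;   /* offset into the page, always < PAGE_SIZE */
    uint32_t len;      /* length of the segment */
};

/* i386 (ILP32): a struct page * is 4 bytes, so reading the struct as a
 * pointer yields 'offset' alone, a small value below PAGE_SIZE. */
static uint32_t bogus_page_ptr_ilp32(const struct partial_page_model *pp)
{
    uint32_t ptr;
    memcpy(&ptr, pp, sizeof ptr);   /* first 4 bytes == offset (little-endian) */
    return ptr;
}

/* amd64 (LP64): a struct page * is 8 bytes, so both ints fold into it:
 * low 32 bits = offset, high 32 bits = len. Any non-zero len pushes the
 * value to >= 4 GiB, well inside the 47-bit userland address range. */
static uint64_t bogus_page_ptr_lp64(const struct partial_page_model *pp)
{
    uint64_t ptr;
    memcpy(&ptr, pp, sizeof ptr);   /* first 8 bytes == offset | len << 32 */
    return ptr;
}

/* mmap_min_addr only prevents userland from mapping addresses below it,
 * so it helps exactly when the bogus pointer falls under that floor. */
static int mmap_min_addr_covers(uint64_t bogus_ptr, uint64_t mmap_min_addr)
{
    return bogus_ptr < mmap_min_addr;
}

int main(void)
{
    /* Constructed sample: an entry describing a whole 4 KiB page. */
    const struct partial_page_model pp = { .offset = 0, .len = 4096 };
    const uint64_t mmap_min_addr = 65536;   /* constructed sysctl value */

    uint32_t p32 = bogus_page_ptr_ilp32(&pp);
    uint64_t p64 = bogus_page_ptr_lp64(&pp);

    printf("i386  struct page *: 0x%08x  (below mmap_min_addr: %s)\n",
           p32, mmap_min_addr_covers(p32, mmap_min_addr) ? "yes" : "no");
    printf("amd64 struct page *: 0x%016llx (below mmap_min_addr: %s)\n",
           (unsigned long long)p64,
           mmap_min_addr_covers(p64, mmap_min_addr) ? "yes" : "no");
    return 0;
}
```

Run on any little-endian machine, the program shows the i386 case producing a pointer below PAGE_SIZE (which a mmap_min_addr floor would keep userland from mapping) and the amd64 case producing an address in the terabyte range that no such floor can cover, which is the asymmetry the comment describes.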
