On Wed, Nov 13, 2024 at 05:44:00PM +0100, Jann Horn wrote:
> Something like NULL or (void*)1 is fine with me but please don't do
> pointer-to-itself - we shouldn't unnecessarily store a pointer to an
> object of one type in a pointer field of an incompatible type, that
> increases the risk of creating type confusion issues (both in the
> memory corruption sense and in the Spectre sense). I know MM already
> has several places where similar stuff can happen (in particular
> page->mapping), but here it seems like unnecessary risk to me.

Hm? I don't think page->mapping can ever point at page. As far as I
know, we have four cases, discriminated by the bottom two bits:

0 - NULL or address_space
1 - anon_vma
2 - movable_ops
3 - ksm_stable_node

In fact, we're almost done eliminating page->mapping. Just a few
filesystems and device drivers left to go.

Would it be helpful if we did:

-	struct address_space *mapping;
+	union {
+		struct address_space *mapping;
+		unsigned long raw_mapping;
+	};

and had non-filesystems use raw_mapping and do the masking?
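Review bot: the union on its own does not remove the aliasing the quoted reply worries about, since `mapping` and `raw_mapping` overlay the same word and a reader of `mapping` on a page whose bottom two bits are 1, 2 or 3 still gets a mis-typed pointer; the benefit only materialises if the typed member is reached through accessors that check the tag first. Suggest documenting the four tag values (0 NULL/address_space, 1 anon_vma, 2 movable_ops, 3 ksm_stable_node) in a comment next to the union so non-filesystem users of raw_mapping mask against a single named definition rather than open-coding the bits.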
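To make the tag discipline concrete, here is an added example (not code from the thread or the kernel) of the sketched union behind accessors that check the bottom-two-bit tag before any cast, so the typed member is never read for a non-filesystem page. The struct name page_like, the stand-in types and the sample objects are constructed for illustration.

```c
#include <assert.h>
/* Constructed stand-ins for the kernel types the thread names (assumption:
 * only their word alignment matters here, which frees the bottom two bits). */
struct address_space { int x; };
struct anon_vma { int x; };

/* The four cases discriminated by the bottom two bits of page->mapping. */
enum mapping_tag { TAG_FILE = 0, TAG_ANON = 1, TAG_MOVABLE = 2, TAG_KSM = 3 };
#define TAG_MASK 3UL

/* The union sketched in the mail, in a hypothetical page_like struct:
 * filesystems use the typed member, everyone else masks raw_mapping. */
struct page_like {
    union {
        struct address_space *mapping;
        unsigned long raw_mapping;
    };
};

static enum mapping_tag page_tag(const struct page_like *p)
{
    return (enum mapping_tag)(p->raw_mapping & TAG_MASK);
}

/* Store obj with its tag; the assert states the alignment the scheme needs. */
static void page_set_tagged(struct page_like *p, void *obj, enum mapping_tag tag)
{
    assert(((unsigned long)obj & TAG_MASK) == 0);
    p->raw_mapping = (unsigned long)obj | (unsigned long)tag;
}

/* Typed accessors check the tag before the cast, so an anon_vma is never
 * handed back as an address_space (the type confusion discussed above). */
static struct address_space *page_file_mapping(const struct page_like *p)
{
    return page_tag(p) == TAG_FILE ? p->mapping : (struct address_space *)0;
}

static struct anon_vma *page_anon_vma(const struct page_like *p)
{
    if (page_tag(p) != TAG_ANON)
        return (struct anon_vma *)0;
    return (struct anon_vma *)(p->raw_mapping & ~TAG_MASK);
}

/* Constructed sample objects and pages for a caller to exercise. */
static struct address_space sample_as;
static struct anon_vma sample_av;
static struct page_like file_page, anon_page;
```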