In 11623e8f, SIGBUS handlers aren't set if F_SEAL_SHRINK is configured on
the memory. This helps avoid setting up handlers with cooperative clients;
however, if an application gives an incorrect size, the compositor would
access it anyways, figuring SIGBUS is impossible, and crash.
This can be fixed by simply removing the seal-checking logic and always
setting the signal handler. However, it seems that fstat can give the size
of the memfd, so we can check that the size we were told is within the
region. Since it's sealed to shrinking, it must never be shrunk in future,
so we can really (hopefully) ignore SIGBUS.
I was worried that fstat wasn't supported for this, but shm_overview(7) does
mention that it is a possible use.
The best solution would likely be avoiding SIGBUS entirely with
MAP_NOSIGBUS, but that hasn't been merged yet and wouldn't help systems
without it (e.g. with older kernels).
A proof-of-concept of this crash is attached with the merge request. Running
it with this patch gives an invalid-shm error, which is correct.
Signed-off-by: Duncan McIntosh <duncan82013@live.ca>
20fd3b3af9