a memory corruption happned when the buffer pool was resized
(like when playing a video or using camera) and there was
no current active buffer. In this case, the faulty code
would index into an array at position -1 which corrupted
24 bytes of data.
also improved region validation code (ifdef'ed out by default)
Bug: 4093196
Change-Id: I915c581d131148959d720e00e3892e9186ab733d
mDrawingState doesn't need to be accessed by the
mStateLock, because by definition it's only accessed
from the main thread.
Similarily, the list of layers in the drawing state
cannot change (ie: is const).
Change-Id: I2e5da7f4d8caee7af7802b432cd45cc81c7c08b0
mFormat is not initialized with any value in Layer constructor, causing
a call to requestFormat() with no explicit format specified to fallback to
some uninitialized value. Such invalid path actually detected by valgrind.
Change-Id: Ib7faabcd61eaa26fb0ae7a9a486d9e258ba31b63
This change makes SurfaceFlinger treat layers for which the active
buffer has the GRALLOC_USAGE_PROTECTED bit set as if they have the
'secure' flag set.
Change-Id: Ic60b6513a63e4bb92ec6ce9fd12fd39b4ba5f674
Bug: 4081304
This change adds a new 'method' to the ANativeWindow interface to check
whether buffers queued to the window will be sent directly to the system
window compositor.
Change-Id: I4d4b199e328c110b68b250029aea650f03c8724d
Bug: 3495535
SF kept a strong reference to ISurface until the
window manager removed the surface from the screen.
This fell appart when running standalone tests, that is
when the window manager wasn't involved.
When the window manager is around, it would clean-up surfaces
even when an application died.
with this change, SF is able to do its own cleanup without
relying on the window manager.
the change is very simple, we simply don't keep a reference
to ISurface and make sure no more than one of them can
be created.
Change-Id: I61f2d7473bf8d4aa651549a846c34cdbb0d0c85a
Check requested format for device-specific formats, and assume (as
documented in libhardware/include/hardware/hardware.h) this is opaque
layer so no blending is necessary.
Bug: 3215931
Change-Id: Ib4dff8060ac522d201ff1e74807ac340c17d3fa7
with this change DimLayers will behave just like any other layer,
in particular they'll respect the layer transformations.
Change-Id: Icb4a1275e8bca9e3deb5f57c9f9219aaa69f9877
We were still destroying an ANativeWindow's buffer pretty soon
after it was removed from the window manager. This time
we really wait for the ISurace to go away.
Change-Id: I329273fedaeef76ee92836f6180c2c3808389330
This changes the ANativeWindow API and the two implementations to reset
the window's crop rectangle to be uncropped when the window's buffer
geometry is changed.
Bug: 3359604
Change-Id: I64283dc8382ae687787ec0bebe6a5d5b4a0dcd6b
Generally we never want to lock a buffer for write access if it is at
the "head" on the surfaceflinger side. The only exception (1) is when
the buffer is not currently in use AND there is at least one queued
buffer -- in which case, SurfaceFlinger will never use said buffer
anymore, because on the next composition around, it will be able to
retire the first queued buffer.
The logic above relies on SurfaceFlinger always retiring
and locking a buffer before composition -- unfortunately this
didn't happen during a screenshot.
This could leave us in a situation where a buffer is locked by the
application for write, and used by SurfaceFlinger for texturing,
causing a hang.
Here, we fix this issue by never assuming the exception (1), it was
intended as an optimization allowing ANativeWindow::lockBuffer() to
return sooner and was justified when most of SF composition was
done in software. The actual buffer locking is now ensured by
gralloc. We could have handled screenshots in a similar way to
a regular composition, but it could have caused glitches on screen,
essentially, taking a screenshot could cause to skip a frame.
now that we removed the notion of a "inUse" buffer in surfaceflinger
a lot of code can be simplified / removed.
noteworthy, the whole concept of "unlockClient" wrt. "compositionComplete"
is also gone.
We used to guarantee that a layer in SurfaceFlinger would never be
destroyed before all references (to its ISurface) on the client
side would be released. At some point, this guarantee got
relaxed to allow to free gralloc resources sooner. This last
change was incorrect, because:
- in implementations with reference-counting the gralloc resources
wouldn't be released anyways, until all the mapping were gone
- in implementations without ref counting, the client side
would most likely crash or do something bad
- it also caused the SharedBufferStack slot to be reallocated
to another surface, which could be problematic if the client
continued to use the surface after the window manager destroyed it.
So, we essentially reinstate the guarantee that layers won't be
destroyed until after all references to their ISurface are
released.
NOTE: This doesn't entirely fix 3306150 because there is another
problem there where the Browser continues to use a surface after it
has been destroyed.
also improve SurfaceFlinger 'dumpsys' log
list the purgatory, which shows windows that have been closed,
but for which the client still has references.
we were not clearing the screen entirely, which caused garbage when
the screen wasn't entirely covered by windows.
Change-Id: Ia7aa13c36a8a314e0e8427d419b16b9aa2165ddf
we make sure to call compositionComplete after everytime we do
composition with the GPU (even for the screenshot case), which is
where the buffer locks are released.
Change-Id: I450430d1e4d1ee9ce1023970642378c42cdcfa4c
now that we removed the notion of a "inUse" buffer in surfaceflinger
a lot of code can be simplified / removed.
noteworthy, the whole concept of "unlockClient" wrt. "compositionComplete"
is also gone.
Change-Id: I210413d4c8c0998dae05c8620ebfc895d3e6233d
list the purgatory, which shows windows that have been closed,
but for which the client still has references.
Change-Id: I5168bb88cb328d5d77d71d0871deb9190f493126
We used to guarantee that a layer in SurfaceFlinger would never be
destroyed before all references (to its ISurface) on the client
side would be released. At some point, this guarantee got
relaxed to allow to free gralloc resources sooner. This last
change was incorrect, because:
- in implementations with reference-counting the gralloc resources
wouldn't be released anyways, until all the mapping were gone
- in implementations without ref counting, the client side
would most likely crash or do something bad
- it also caused the SharedBufferStack slot to be reallocated
to another surface, which could be problematic if the client
continued to use the surface after the window manager destroyed it.
So, we essentially reinstate the guarantee that layers won't be
destroyed until after all references to their ISurface are
released.
NOTE: This doesn't entirely fix 3306150 because there is another
problem there where the Browser continues to use a surface after it
has been destroyed.
Change-Id: I305c830dd722b30a6d53cbf3a9c714fd3cf7eb06
the crop as well as buffer orientation can change at every frame, when that happens
we need to reset the hwc HAL (ie: set the GEOMETRY_CHANGED flag).
currently we achieve this by taking the same code path than an actual geometry change
which is a bit more heavy than necessary.
Change-Id: I751f9ed1eeec0c27db7df2e77d5d17c6bcc17a24
This change fixes a horrible hack that I did to allow application
processes to create GraphicBuffer objects by making a binder call to
SurfaceFlinger. This change introduces a new binder interface
specifically for doing this, and does it in such a way that
SurfaceFlinger will maintain a reference to the buffers until the app is
done with them.
Change-Id: Icb240397c6c206d7f69124c1497a829f051cb49b
This change adds a new binder method to the ISurfaceComposer interface.
This IPC is intended to allow SurfaceFlinger clients to allocate gralloc
buffers using SurfaceFlinger as a proxy to gralloc.
Change-Id: Ide9fc283aec5da6268ba62cfed0c3319a50b640d
we were not clearing the screen entirely, which caused garbage when
the screen wasn't entirely covered by windows.
Change-Id: Ie9ab9b94eabfa6cafddf45bb14bc733bdc8d35c0