SF: Avoid promoting parent layer in binder thread Some components in SF extend the life cycle of layer objects causing them to be destroyed without the state lock held. If a binder thread promotes a layer, there is a chance it will be left holding the last reference. This will cause the layer to be destroyed in the binder thread, resulting in invalid accesses and crashes. Fix this by tracking root layers with a variable to avoid promoting parent layer in binder thread. Test: presubmit, manually test refresh rate overlay Test: go/wm-smoke Fixes: 186412934 Change-Id: Icd9f4e851bbd92c887e113e52505ce4d8eb3ea0c

commit: 14d218b589719842142dd7455484f80025fb63f3 [log] [tgz]
author: Vishnu Nair <vishnun@google.com> Tue Jul 13 13:57:39 2021 -0700
committer: Vishnu Nair <vishnun@google.com> Tue Jul 13 13:57:39 2021 -0700
tree: 46bef1f9e3057860ee47d72eefaea2c414f0d56f
parent: b058a604011ab7f98513345cbd4fb9573065c959 [diff] [blame]
diff --git a/services/surfaceflinger/RefreshRateOverlay.cpp b/services/surfaceflinger/RefreshRateOverlay.cpp
index 663e62a..27a1c28 100644
--- a/services/surfaceflinger/RefreshRateOverlay.cpp
+++ b/services/surfaceflinger/RefreshRateOverlay.cpp

@@ -197,6 +197,7 @@
     Mutex::Autolock _l(mFlinger.mStateLock);
     mLayer = mClient->getLayerUser(mIBinder);
     mLayer->setFrameRate(Layer::FrameRate(Fps(0.0f), Layer::FrameRateCompatibility::NoVote));
+    mLayer->setIsAtRoot(true);
 
     // setting Layer's Z requires resorting layersSortedByZ
     ssize_t idx = mFlinger.mDrawingState.layersSortedByZ.indexOf(mLayer);
commit	14d218b589719842142dd7455484f80025fb63f3	[log] [tgz]
author	Vishnu Nair <vishnun@google.com>	Tue Jul 13 13:57:39 2021 -0700
committer	Vishnu Nair <vishnun@google.com>	Tue Jul 13 13:57:39 2021 -0700
tree	46bef1f9e3057860ee47d72eefaea2c414f0d56f
parent	b058a604011ab7f98513345cbd4fb9573065c959 [diff] [blame]