commit 1a4dba4b2bfa835599286e49514f44fd27e774f1
author chaviw <chaviw@google.com> Wed May 27 15:16:15 2020 -0700
committer chaviw <chaviw@google.com> Wed May 27 15:16:15 2020 -0700
tree 608351188c2ea523c2c2bf2eefea7141abe99ed7
parent 68904ad94c9a6ab6294ac0d4394a191c1d4c7f02

Hold mMutex lock and check abandoned when accessing mLayer

The Layer lifecycle is tied to BufferLayerConsumer so when the Layer is
removed, the BufferLayerConsumer is abandoned. However, abandoned
doesn't necessarily mean it was cleaned up yet. Therefore, we need to
check whether the BufferLayerConsumer was abandoned before accessing the
raw pointer mLayer. If the BufferLayerConsumer was not abandoned, then
mLayer will be valid.

Test: Builds and runs. Hard to reproduce race condition
Fixes: 157535966
Fixes: 155679049
Change-Id: I8b309c9e1fe57746bceabab1deda56248087b189

services/surfaceflinger/BufferLayerConsumer.cpp

diff --git a/services/surfaceflinger/BufferLayerConsumer.cpp b/services/surfaceflinger/BufferLayerConsumer.cpp
index 648d129..8722952 100644
--- a/services/surfaceflinger/BufferLayerConsumer.cpp
+++ b/services/surfaceflinger/BufferLayerConsumer.cpp
@@ -452,6 +452,13 @@
 }
 
 void BufferLayerConsumer::onDisconnect() {
+    Mutex::Autolock lock(mMutex);
+
+    if (mAbandoned) {
+        // Nothing to do if we're already abandoned.
+        return;
+    }
+
     mLayer->onDisconnect();
 }
 
@@ -486,6 +493,13 @@
 
 void BufferLayerConsumer::addAndGetFrameTimestamps(const NewFrameEventsEntry* newTimestamps,
                                                    FrameEventHistoryDelta* outDelta) {
+    Mutex::Autolock lock(mMutex);
+
+    if (mAbandoned) {
+        // Nothing to do if we're already abandoned.
+        return;
+    }
+
     mLayer->addAndGetFrameTimestamps(newTimestamps, outDelta);
 }