Ensure currentState is copied to drawingState for offscreen layers
When a layer is re-parented to null, it becomes offscreen. This means it
can't be reached when traversing layers. The layer can still be around
in memory and modified since the client can still access it. If the
layer makes changes to other layers it references (children or relative),
that info will never get copied from currentState to drawingState. This
could possibly cause leaks since the offscreen layer will continue to hold
a reference to another layer even if the layer requested to be re-parented.
This change stores a raw reference to the offscreen layers so their
states can get copied from current to drawing, ensuring that any
references are updated properly.
Test: Steps from bug does not create buffer leak
Test: go/wm-smoke no buffer leak
Fixes: 131265073
Fixes: 126185092
Change-Id: I3b32350cfdb7e7cbd75eab107d986877c6d6f6ba
diff --git a/services/surfaceflinger/Layer.cpp b/services/surfaceflinger/Layer.cpp
index 46ca0b6..cbe8b29 100644
--- a/services/surfaceflinger/Layer.cpp
+++ b/services/surfaceflinger/Layer.cpp
@@ -130,7 +130,7 @@
}
mFrameTracker.logAndResetStats(mName);
- mFlinger->onLayerDestroyed();
+ mFlinger->onLayerDestroyed(this);
}
// ---------------------------------------------------------------------------
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index d5a38e9..747f1ce 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -2932,6 +2932,13 @@
if (l->isRemovedFromCurrentState()) {
latchAndReleaseBuffer(l);
}
+
+ // If the layer has been removed and has no parent, then it will not be reachable
+ // when traversing layers on screen. Add the layer to the offscreenLayers set to
+ // ensure we can copy its current to drawing state.
+ if (!l->getParent()) {
+ mOffscreenLayers.emplace(l.get());
+ }
}
mLayersPendingRemoval.clear();
}
@@ -2945,7 +2952,17 @@
// clear the "changed" flags in current state
mCurrentState.colorMatrixChanged = false;
- mDrawingState.traverseInZOrder([](Layer* layer) { layer->commitChildList(); });
+ mDrawingState.traverseInZOrder([&](Layer* layer) {
+ layer->commitChildList();
+
+ // If the layer can be reached when traversing mDrawingState, then the layer is no
+ // longer offscreen. Remove the layer from the offscreenLayer set.
+ if (mOffscreenLayers.count(layer)) {
+ mOffscreenLayers.erase(layer);
+ }
+ });
+
+ commitOffscreenLayers();
});
mTransactionPending = false;
@@ -2973,6 +2990,18 @@
}
}
+void SurfaceFlinger::commitOffscreenLayers() {
+ for (Layer* offscreenLayer : mOffscreenLayers) {
+ offscreenLayer->traverseInZOrder(LayerVector::StateSet::Drawing, [](Layer* layer) {
+ uint32_t trFlags = layer->getTransactionFlags(eTransactionNeeded);
+ if (!trFlags) return;
+
+ layer->doTransaction(0);
+ layer->commitChildList();
+ });
+ }
+}
+
void SurfaceFlinger::computeVisibleRegions(const sp<const DisplayDevice>& displayDevice,
Region& outDirtyRegion, Region& outOpaqueRegion) {
ATRACE_CALL();
diff --git a/services/surfaceflinger/SurfaceFlinger.h b/services/surfaceflinger/SurfaceFlinger.h
index 72e2ff9..4e97ba6 100644
--- a/services/surfaceflinger/SurfaceFlinger.h
+++ b/services/surfaceflinger/SurfaceFlinger.h
@@ -308,7 +308,10 @@
const sp<IGraphicBufferProducer>& bufferProducer) const;
inline void onLayerCreated() { mNumLayers++; }
- inline void onLayerDestroyed() { mNumLayers--; }
+ inline void onLayerDestroyed(Layer* layer) {
+ mNumLayers--;
+ mOffscreenLayers.erase(layer);
+ }
TransactionCompletedThread& getTransactionCompletedThread() {
return mTransactionCompletedThread;
@@ -563,6 +566,7 @@
uint32_t setTransactionFlags(uint32_t flags, Scheduler::TransactionStart transactionStart);
void latchAndReleaseBuffer(const sp<Layer>& layer);
void commitTransaction() REQUIRES(mStateLock);
+ void commitOffscreenLayers();
bool containsAnyInvalidClientState(const Vector<ComposerState>& states);
bool transactionIsReadyToBeApplied(int64_t desiredPresentTime,
const Vector<ComposerState>& states);
@@ -1150,6 +1154,12 @@
// Flag used to set override allowed display configs from backdoor
bool mDebugDisplayConfigSetByBackdoor = false;
+
+ // A set of layers that have no parent so they are not drawn on screen.
+ // Should only be accessed by the main thread.
+ // The Layer pointer is removed from the set when the destructor is called so there shouldn't
+ // be any issues with a raw pointer referencing an invalid object.
+ std::unordered_set<Layer*> mOffscreenLayers;
};
} // namespace android