From 0a8cd0689a76dbca7405004caac4dde4c0250aea Mon Sep 17 00:00:00 2001 From: Mathias Agopian Date: Tue, 27 Apr 2010 16:11:38 -0700 Subject: fix a race condition in undoDequeue(), where 'tail' could be computed incorrectly. in the undoDequeue() case, 'tail' was recalculated from 'available' and 'head' however there was a race between this and retireAndLock(), which could cause 'tail' to be recalculated wrongly. the interesting thing though is that retireAndLock() shouldn't have any impact on the value of 'tail', which is client-side only attribute. we fix the race by saving the value of 'tail' before dequeue() and restore it in the case of undoDequeue(), since we know it doesn't depend on retireAndLock(). Change-Id: I4bcc4d16b6bc4dd93717ee739c603040b18295a0 --- include/private/surfaceflinger/SharedBufferStack.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/private/surfaceflinger/SharedBufferStack.h b/include/private/surfaceflinger/SharedBufferStack.h index 6ace5bc..39ef3a1 100644 --- a/include/private/surfaceflinger/SharedBufferStack.h +++ b/include/private/surfaceflinger/SharedBufferStack.h @@ -167,6 +167,7 @@ protected: SharedBufferStack* const mSharedStack; const int mNumBuffers; const int mIdentity; + int32_t computeTail() const; friend struct Update; friend struct QueueUpdate; @@ -259,8 +260,6 @@ private: friend struct Condition; friend struct DequeueCondition; friend struct LockCondition; - - int32_t computeTail() const; struct QueueUpdate : public UpdateBase { inline QueueUpdate(SharedBufferBase* sbb); @@ -288,6 +287,7 @@ private: }; int32_t tail; + int32_t undoDequeueTail; // statistics... nsecs_t mDequeueTime[NUM_BUFFER_MAX]; }; -- cgit v1.1