Add a bandaid to prevent a segfault which can occur while handling
timed audio buffers. There is a deeper problem which should
eventually be addressed, but for now this fix should prevent any
crashing.
The deeper problem is as follows.
When the AudioFlinger mixer gets data to mix from an AudioTrack, it
ends up getting a structure filled out which points into an IMemory
region owned by the AudioTrack. Unfortunately, this structure is not
holding a refcount on the IMemory which it points into. If the
IMemory refcount hits 0 and the chunk of RAM is retuned to the binder
heap it came from, there can still be a Buffer object being held by
the AudioFlinger mixer which points into the region of memory which
was retuned to the binfer heap. If AF reads from this buffer, it
could read corrupt data (if the region of memory gets handed back out
to a writer), or it could segfault (if the heap has been freed and the
pages unmapped). Similar problems could happen if AF attempts to
write to the buffer, heap corruption in one case, segfaulting in the
other.
In the past, this has not been an issue for AF, because tracks
allocate a single IMemory (which serves as a ring buffer) and the
IMemory lives for as long as the track lives. As an artifact of the
way the code came out, the mixer cannot be holding a Buffer structure
pointing into the IMemory which used to be owned by a track if the
track no longer exists. Tracks cannot come into or out of existence
during a mix operation, which is the only thing which makes this safe.
TimedTracks work differently, however. Timed tracks each allocate a
small binder heap, and then hand out IMemory instances broken out of
this heap. The heap lives as long as the track, so the worst which
could happen here is that a TimedTrack's IMemory gets returned to the
heap while there is still a buffer structure in flight pointing into
the memory region, then the region gets handed out again and
overwritten by new data causing the mixer to mix the wrong audio. The
timing to cause this to happen is very difficult to encounter, and you
to generate the timing conditions required, you need to be in a pretty
bad failure state where audio is already breaking up and skipping, so
its unlikely that anyone would notice (which is why I'm band-aiding
the segfault and letting the deeper issue slide for now).
In general, however, it might be a good idea to revisit this buffering
design. On principal, if someone is going to hold pointers into a
refcounted object, they should be holding a ref on the object at the
same time. Failure to do this will usually lead to a situation where
there are corruption or segfault issues, or to a system where the
refcounted object's lifetime must be implicitly managed very carefully
in ways which are usually non-obvious and are easy to break by new
engineers on a project.
Change-Id: Ib391075395ed0ef46a03c37aa38a82d09e88abeb
"EffectDesc *effect = new EffectDesc(*effects[i]);" was relying on the
default copy constructor for EffectDesc, but the default copy constructor
does a member-by-member copy. This works OK for mUuid, but a member
copy of mName and mParams shares pointers. This could result in heap
corruption later on due to a double free. Changed to add an explicit
copy constructor that does a deep copy of both mName and mParams.
A malloc() and strdup() were being freed by delete, but the correct
matching API for these is free(). Fortunately our current memory runtime
implementation ignores the difference. Changed to use free().
EffectDesc and InputSourceDesc member fields were being torn down by
the code that does delete. Changed to do the tear-down in ~EffectDesc()
and ~InputSourceDesc().
Added constructor EffectDesc() with name and UUID parameters, rather
than having caller fill in the object after construction.
Made ~EffectDesc() and ~InputSourceDesc() non-virtual to save memory,
since they have no subclasses.
Change-Id: Ibb5cc2e6760d72e0c4cf537068ac4432c717bafd
Some changes in AppWidgetService were interfering with widget permissions.
Added some hidden methods in Context to communicate the requesting user
information instead of using the calling uid.
Bug: 6019296
Change-Id: I5e519fd3fbbfa5b3fcc5c297b729c671dac8e7c7
Looks like not all flavors of the android build include support for
std::numeric_limits. Fix the build by using a simple macro for now.
A more elegant solution can be searched for once the build is green
again.
Change-Id: I18329cd0d26ca69de6a52df9a1c6eeb3ba063b48
Check the string returned by a HAL's implementation of get_parameters
for NULL before attempting to make use of it. That way, we won't
bring down the mediaserver because of a poorly written HAL.
Change-Id: Ic99d7b004520d7d6347842a681c0595e889b68ea
Signed-off-by: John Grossman <johngro@google.com>
Bring in changes to audio flinger made to support timed audio tracks
and HW master volume control.
Change-Id: Ide52d48809bdbed13acf35fd59b24637e35064ae
Signed-off-by: John Grossman <johngro@google.com>
Add a small service to the high level core set of system services to
control the configuration of the native common time service. This
service is responsible for controlling policy regarding when the
common time service should be allowed to run, which networks it is
allowed to run on, what priority it runs at in the master election
algorithm, and so on.
Change-Id: I1fcd834c0286aea0df9557520693a3f42de59d69
Signed-off-by: John Grossman <johngro@google.com>
Move the common_time service developed in the ics-aah branch back into
master.
The common_time service is a small service build to synchronize an
arbitrary timeline amongst peers on a local sub-net. While running
and configured, the service will elect a master from the set of
available devices within the subnet, define a relationship between the
common_time timeline the local time timeline (provided by the local
time HAL), and then attempt to maintain synchronization between common
and local time by controlling the frequency of the local time clock
via the HAL, or by disciplining local time in the digital domain if
the local time HAL implementation does not support HW slewing.
On its own, the native common time service will do nothing until it is
configured. The CommonTimeManagementService (running out of the
system server process) is responsible for implementing policy
regarding configuration and operation of the common_time service and
will be added in a subsequent CL.
Change-Id: I71292f9b9b1797665865689c4572c9d3a0552f64
Signed-off-by: John Grossman <johngro@google.com>
Removed the listeners and schedule animation / draw methods.
Instead all requests are posted as one-shot callbacks, which is a
better match for how clients actually use the Choreographer.
Bug: 5721047
Change-Id: I113180b2713a300e4444d0d987f52b8157b7ac15
1. Added methods to the ActivityManagerService remote interface
that allow accessing content providers outside of an application.
These methods are guarded by an internal signature protected
permission which is given to the shell user. This enables a
shell program to access content providers.
2. Implemented a shell command that takes as input as standart
fagls with values and manipulates content via the content provider
mechanism.
Change-Id: I2943f8b59fbab33eb623458fa01ea61a077b9845
Backported from master, including a bug fix and a cdma enhancement.
Even if other people are sharing the connection (ie, carrier wants
default and tethered traffic on the same APN) stop using a carrier-
described APN when the tethering stops.
bug:5972599
Change-Id: I25e4831855e6b62c0c3ab3a6f4d4846aaee6ac50
Use size_t with size() and ssize_t with indexOfKey(). Exception:
use ssize_t for backwards loops, and indices that are overloaded as a
marker or error code.
Change-Id: Ibf2a360af4539b72b09c818dda22ea2a0de92431
On reflection, only key events need to be serialized.
This is part of a series of changes to improve input system pipelining.
Bug: 5963420
Change-Id: I028b4eac97497d012036cb60ffbac4cb22d3966c
If we went through the update loop multiple times, and had finished
animating the first time, we would blow away that information the
second time and never kill the animation.
Also moved killing the animation back up to the animation step --
this involves destroying surfaces and such, and so really should
be done as part of the surface transaction. We can also consider
the screen rotation animation object to be owned by the animation,
so it can destroy it when done.
Change-Id: If24356c509c66d046f2ddfd9ad5bfe12504d7716
Use the caching permission check for dump to save IPC.
Cache getpid() to save kernel call for other permission checks.
The C runtime library getpid() can't cache due to a fork
race condition, but we know that mediaserver doesn't fork.
Don't construct String16 on the stack.
Change-Id: I6be6161dae5155d39ba6ed6228e7683e67be34ed
To support this feature, the input dispatcher now allows input
events to be acknowledged out-of-order. As a result, the
consumer can choose to defer handling an input event from one
device (because it is building a big batch) while continuing
to handle input events from other devices.
The InputEventReceiver now sends a notification when a batch
is pending. The ViewRoot handles this notification by scheduling
a draw on the next sync. When the draw happens, the InputEventReceiver
is instructed to consume all pending batched input events, the
input event queue is fully processed (as much as possible),
and then the ViewRoot performs traversals as usual.
With these changes in place, the input dispatch latency is
consistently less than one frame as long as the application itself
isn't stalled. Input events are delivered to the application
as soon as possible and are handled as soon as possible. In practice,
it is no longer possible for an application to build up a huge
backlog of touch events.
This is part of a series of changes to improve input system pipelining.
Bug: 5963420
Change-Id: I42c01117eca78f12d66d49a736c1c122346ccd1d
Minor tweak to the dispatcher to handle as many finished signals
in a receive callback as possible instead of going back to
the Looper and waiting for the next poll() to hit the callback
again.
This is part of a series of changes to improve input system pipelining.
Bug: 5963420
Change-Id: I8471107371693e21ce8ce7cca1e8d79ba4ca2351
This change enables the input dispatcher to send multiple touch
events to an application without waiting for them to be acknowledged.
Essentially this is a variation on the old streaming optimization
but it is much more comprehensive. Event dispatch will stall as
soon as 0.5sec of unacknowledged events are accumulated or a
focused event (such as a key event) needs to be delivered.
Streaming input events makes a tremendous difference in application
performance. The next step will be to enable batching of input
events on the client side once again.
This is part of a series of changes to improve input system pipelining.
Bug: 5963420
Change-Id: I025df90c06165d719fcca7f63eed322a5cce4a78
The information gathered here will no longer be valid once we
start dispatching multiple events at a time to the same connection.
Moreover, we are more concerned with end-to-end latency, which we
can measure with sufficiently high accuracy in other ways.
This is part of a series of changes to improve input system pipelining.
Bug: 5963420
Change-Id: I49a0c9876b64af56b40e96e0d98c45f325da2a73
The dispatcher no longer needs to track which connections are
active except perhaps for diagnostic purposes, so we might as well
remove this code.
This is part of a series of changes to improve input system pipelining.
Bug: 5963420
Change-Id: Ibadc830b7b792a59b9244d0a6e85f320c4947109
Since we no longer stream events to the application, we don't need to
keep the current list of input targets around longer than it takes
to begin the dispatch cycle.
This is part of a series of changes to improve input system pipelining.
Bug: 5963420
Change-Id: I5824b04e564c8a4dec991598292441e46c331905
Since we will not longer be modifying events in place, we don't need
to use an ashmem region for input. Simplified the code to instead
use a socket of type SOCK_SEQPACKET.
This is part of a series of changes to improve input system pipelining.
Bug: 5963420
Change-Id: I05909075ed8b61b93900913e44c6db84857340d8
Don't worry, these features will be moving to a different part of
the pipeline. We're just getting them out of the way for now so
we can make deeper changes to how the input dispatcher works.
This is part of a series of changes to improve input system pipelining.
Bug: 5963420
Change-Id: If97de923c8165776882eef23f5204cc448dad0fc
