Remove pid check in register/unregister

The register/unregister gralloc calls were avoiding
mmapping/munmapping the shared memory region if the buffer was created
by the current process. This is left over from the pmem-based
implementation, where trying to map the same region twice in the same
process would fail, or would reuse a single mapping without
refcounting.

This causes problems if a buffer is
- allocated in process A,
- transferred from A to process B and registered there
- unregistered/freed in A
- transferred back from B to A and re-registered

Process A then has a new handle to the buffer, but since it originally
created the buffer it will not be mmapped, so trying to read or write
the buffer will crash.

With ashmem, mmapping a region twice in the same process creates two
distinct mappings which can be used and munmapped independently. So
we no longer need to avoid mmapping again in the allocating process.

Bug: 8468756
Change-Id: I167bec5ca07e5534c5e2115630fe8386e481388e
Jesse Hall 2013-03-28 11:04:16 -07:00
parent e1c3ff6641
commit c71b6caece
2 changed files with 10 additions and 21 deletions


@ -74,18 +74,16 @@ struct private_handle_t {
int size; int size;
int offset; int offset;
// FIXME: the attributes below should be out-of-line // FIXME: this should be out-of-line
int base; int base;
int pid;
#ifdef __cplusplus #ifdef __cplusplus
static const int sNumInts = 6; static const int sNumInts = 5;
static const int sNumFds = 1; static const int sNumFds = 1;
static const int sMagic = 0x3141592; static const int sMagic = 0x3141592;
private_handle_t(int fd, int size, int flags) : private_handle_t(int fd, int size, int flags) :
fd(fd), magic(sMagic), flags(flags), size(size), offset(0), fd(fd), magic(sMagic), flags(flags), size(size), offset(0), base(0)
base(0), pid(getpid())
{ {
version = sizeof(native_handle); version = sizeof(native_handle);
numInts = sNumInts; numInts = sNumInts;
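Review bot: sNumInts is maintained by hand against the struct's int members, and a miscount is only caught at runtime by validate() in whichever process receives the handle, so the constant deserves a comment naming what it counts; from the constructor initializer list the int members appear to be magic, flags, size, offset and base, so `static const int sNumInts = 5; // magic, flags, size, offset, base` would let the next person who adds or removes a field update it in one place. The struct private_handle_t starts before this hunk and its remaining members are not visible here, so the field list should be confirmed against the full declaration. Since this layout is what crosses process boundaries with the fd, a mismatch between the constant and the real member count would make every transferred handle fail validation rather than fail at compile time.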


@ -92,14 +92,8 @@ int gralloc_register_buffer(gralloc_module_t const* module,
if (private_handle_t::validate(handle) < 0) if (private_handle_t::validate(handle) < 0)
return -EINVAL; return -EINVAL;
// if this handle was created in this process, then we keep it as is.
int err = 0;
private_handle_t* hnd = (private_handle_t*)handle;
if (hnd->pid != getpid()) {
void *vaddr; void *vaddr;
err = gralloc_map(module, handle, &vaddr); return gralloc_map(module, handle, &vaddr);
}
return err;
} }
int gralloc_unregister_buffer(gralloc_module_t const* module, int gralloc_unregister_buffer(gralloc_module_t const* module,
@ -108,13 +102,10 @@ int gralloc_unregister_buffer(gralloc_module_t const* module,
if (private_handle_t::validate(handle) < 0) if (private_handle_t::validate(handle) < 0)
return -EINVAL; return -EINVAL;
// never unmap buffers that were created in this process
private_handle_t* hnd = (private_handle_t*)handle; private_handle_t* hnd = (private_handle_t*)handle;
if (hnd->pid != getpid()) { if (hnd->base)
if (hnd->base) {
gralloc_unmap(module, handle); gralloc_unmap(module, handle);
}
}
return 0; return 0;
} }
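Review bot: The reasoning for always mapping now lives only in the commit message, and the removed comment in gralloc_register_buffer ("if this handle was created in this process, then we keep it as is") is exactly what a later reader will be tempted to reintroduce; a short comment above the `return gralloc_map(module, handle, &vaddr);` line, such as `// Always map, even in the allocating process: ashmem gives each mmap() an independent mapping, and a handle can come back to this process after a round trip through another.`, would preserve that. In gralloc_unregister_buffer the rewritten `if (hnd->base)` now has an unbraced body where the old code kept braces; `if (hnd->base) { gralloc_unmap(module, handle); }` keeps the file's style and avoids the single-statement trap. It is not visible here whether gralloc_map writes the mapping into hnd->base and gralloc_unmap clears it; if it does not, a handle that is unregistered twice in the same process would reach gralloc_unmap with a stale base, which is worth confirming now that the pid guard no longer short-circuits that path. The first hunk's function gralloc_register_buffer begins before the hunk.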