Commit 928c5016b64d3a6cde7b5c7d135fc35cf8f86162
2022-08-04T12:28:12
Vulkan: Fix garbage collection vs outside-RP-only flush In https://chromium-review.googlesource.com/c/angle/angle/+/3379231, an optimization was implemented such that the excessive recorded texture uploads would get flushed early and submitted. This caused a use-after-free bug in the following situation: * Draw with pipeline A * Delete A <--- this puts A in the Context garbage list * Upload a lot of data At this point, the flush threshold could pass and the commands recorded outside of the render pass up to this point would be submitted. Associated with this submission was the current garbage, including pipeline A. However, the render pass that uses pipeline A is still not submitted. Now if after some time the render pass is still open, but the "completed commands" are checked (another set of uploads causing another submission, a query status check, etc), the garbage can be cleaned up. When the render pass closes next and is submitted, the implementation attempts to use the pipeline, which is already deleted. In this change, outside-render-pass-only submissions no longer reference the current garbage. This has the side effect that the temporary buffers used for uploading texture data won't be released early. A future optimization may want to separate the garbage list in ContextVk to render pass and outside render pass garbage. Bug: chromium:1337538 Change-Id: I4d31edc53916785d44420f4d6b4b2578ca3996e2 Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/3812555 Auto-Submit: Shahbaz Youssefi <syoussefi@chromium.org> Reviewed-by: Charlie Lao <cclao@google.com> Commit-Queue: Amirali Abdolrashidi <abdolrashidi@google.com> Reviewed-by: Amirali Abdolrashidi <abdolrashidi@google.com>