@@ -2167,6 +2167,9 @@ int i915_driver_unload(struct drm_device *dev)
destroy_workqueue(dev_priv->wq);
+ if (dev_priv->slab)
+ kmem_cache_destroy(dev_priv->slab);
+
pci_dev_put(dev_priv->bridge_dev);
kfree(dev->dev_private);
@@ -265,6 +265,8 @@ typedef struct drm_i915_private {
const struct intel_device_info *info;
+ struct kmem_cache *slab;
+
int has_gem;
int relative_constants_mode;
@@ -3785,7 +3785,7 @@ struct drm_i915_gem_object *i915_gem_alloc_object(struct drm_device *dev,
struct drm_i915_private *dev_priv = dev->dev_private;
struct drm_i915_gem_object *obj;
- obj = kzalloc(sizeof(*obj), GFP_KERNEL);
+ obj = kmem_cache_alloc(dev_priv->slab, GFP_KERNEL | __GFP_ZERO);
if (obj == NULL)
return NULL;
@@ -3860,7 +3860,7 @@ static void i915_gem_free_object_tail(struct drm_i915_gem_object *obj)
kfree(obj->page_cpu_valid);
kfree(obj->bit_17);
- kfree(obj);
+ kmem_cache_free(dev_priv->slab, obj);
}
void i915_gem_free_object(struct drm_gem_object *gem_obj)
@@ -4051,8 +4051,14 @@ init_ring_lists(struct intel_ring_buffer *ring)
void
i915_gem_load(struct drm_device *dev)
{
- int i;
drm_i915_private_t *dev_priv = dev->dev_private;
+ int i;
+
+ dev_priv->slab =
+ kmem_cache_create("i915_gem_object",
+ sizeof(struct drm_i915_gem_object), 0,
+ SLAB_HWCACHE_ALIGN,
+ NULL);
INIT_LIST_HEAD(&dev_priv->mm.active_list);
INIT_LIST_HEAD(&dev_priv->mm.flushing_list);
The primary purpose of this was to debug some use-after-free memory corruption that was causing an OOPS inside drm/i915. As it turned out the corruption was being caused elsewhere and i915.ko as a major user of many objects was being hit hardest. Indeed as we do frequent the generic kmalloc caches, dedicating one to ourselves (or at least naming one for us depending upon the core) aids debugging our own slab usage. Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> --- drivers/gpu/drm/i915/i915_dma.c | 3 +++ drivers/gpu/drm/i915/i915_drv.h | 2 ++ drivers/gpu/drm/i915/i915_gem.c | 12 +++++++++--- 3 files changed, 14 insertions(+), 3 deletions(-)