kernel/time/hrtimer/tbox.rs
1// SPDX-License-Identifier: GPL-2.0
2
3use super::HasHrTimer;
4use super::HrTimer;
5use super::HrTimerCallback;
6use super::HrTimerHandle;
7use super::HrTimerPointer;
8use super::RawHrTimerCallback;
9use crate::prelude::*;
10use crate::time::Ktime;
11use core::ptr::NonNull;
12
13/// A handle for a [`Box<HasHrTimer<T>>`] returned by a call to
14/// [`HrTimerPointer::start`].
15///
16/// # Invariants
17///
18/// - `self.inner` comes from a `Box::into_raw` call.
19pub struct BoxHrTimerHandle<T, A>
20where
21 T: HasHrTimer<T>,
22 A: crate::alloc::Allocator,
23{
24 pub(crate) inner: NonNull<T>,
25 _p: core::marker::PhantomData<A>,
26}
27
28// SAFETY: We implement drop below, and we cancel the timer in the drop
29// implementation.
30unsafe impl<T, A> HrTimerHandle for BoxHrTimerHandle<T, A>
31where
32 T: HasHrTimer<T>,
33 A: crate::alloc::Allocator,
34{
35 fn cancel(&mut self) -> bool {
36 // SAFETY: As we obtained `self.inner` from a valid reference when we
37 // created `self`, it must point to a valid `T`.
38 let timer_ptr = unsafe { <T as HasHrTimer<T>>::raw_get_timer(self.inner.as_ptr()) };
39
40 // SAFETY: As `timer_ptr` points into `T` and `T` is valid, `timer_ptr`
41 // must point to a valid `HrTimer` instance.
42 unsafe { HrTimer::<T>::raw_cancel(timer_ptr) }
43 }
44}
45
46impl<T, A> Drop for BoxHrTimerHandle<T, A>
47where
48 T: HasHrTimer<T>,
49 A: crate::alloc::Allocator,
50{
51 fn drop(&mut self) {
52 self.cancel();
53 // SAFETY: By type invariant, `self.inner` came from a `Box::into_raw`
54 // call.
55 drop(unsafe { Box::<T, A>::from_raw(self.inner.as_ptr()) })
56 }
57}
58
59impl<T, A> HrTimerPointer for Pin<Box<T, A>>
60where
61 T: 'static,
62 T: Send + Sync,
63 T: HasHrTimer<T>,
64 T: for<'a> HrTimerCallback<Pointer<'a> = Pin<Box<T, A>>>,
65 A: crate::alloc::Allocator,
66{
67 type TimerHandle = BoxHrTimerHandle<T, A>;
68
69 fn start(self, expires: Ktime) -> Self::TimerHandle {
70 // SAFETY:
71 // - We will not move out of this box during timer callback (we pass an
72 // immutable reference to the callback).
73 // - `Box::into_raw` is guaranteed to return a valid pointer.
74 let inner =
75 unsafe { NonNull::new_unchecked(Box::into_raw(Pin::into_inner_unchecked(self))) };
76
77 // SAFETY:
78 // - We keep `self` alive by wrapping it in a handle below.
79 // - Since we generate the pointer passed to `start` from a valid
80 // reference, it is a valid pointer.
81 unsafe { T::start(inner.as_ptr(), expires) };
82
83 // INVARIANT: `inner` came from `Box::into_raw` above.
84 BoxHrTimerHandle {
85 inner,
86 _p: core::marker::PhantomData,
87 }
88 }
89}
90
91impl<T, A> RawHrTimerCallback for Pin<Box<T, A>>
92where
93 T: 'static,
94 T: HasHrTimer<T>,
95 T: for<'a> HrTimerCallback<Pointer<'a> = Pin<Box<T, A>>>,
96 A: crate::alloc::Allocator,
97{
98 type CallbackTarget<'a> = Pin<&'a mut T>;
99
100 unsafe extern "C" fn run(ptr: *mut bindings::hrtimer) -> bindings::hrtimer_restart {
101 // `HrTimer` is `repr(C)`
102 let timer_ptr = ptr.cast::<super::HrTimer<T>>();
103
104 // SAFETY: By C API contract `ptr` is the pointer we passed when
105 // queuing the timer, so it is a `HrTimer<T>` embedded in a `T`.
106 let data_ptr = unsafe { T::timer_container_of(timer_ptr) };
107
108 // SAFETY:
109 // - As per the safety requirements of the trait `HrTimerHandle`, the
110 // `BoxHrTimerHandle` associated with this timer is guaranteed to
111 // be alive until this method returns. That handle owns the `T`
112 // behind `data_ptr` thus guaranteeing the validity of
113 // the reference created below.
114 // - As `data_ptr` comes from a `Pin<Box<T>>`, only pinned references to
115 // `data_ptr` exist.
116 let data_mut_ref = unsafe { Pin::new_unchecked(&mut *data_ptr) };
117
118 T::run(data_mut_ref).into_c()
119 }
120}