commit e6ea10d5dbe082c54add289b44f08c9fcfe658af · tjh.dev/kernel

+15

MAINTAINERS

··· 10370 F: kernel/time/timer_migration.* 10371 F: tools/testing/selftests/timers/ 10372 10373 HIGH-SPEED SCC DRIVER FOR AX.25 10374 L: linux-hams@vger.kernel.org 10375 S: Orphan

··· 10370 F: kernel/time/timer_migration.* 10371 F: tools/testing/selftests/timers/ 10372 10373 + HIGH-RESOLUTION TIMERS [RUST] 10374 + M: Andreas Hindborg <a.hindborg@kernel.org> 10375 + R: Boqun Feng <boqun.feng@gmail.com> 10376 + R: Frederic Weisbecker <frederic@kernel.org> 10377 + R: Lyude Paul <lyude@redhat.com> 10378 + R: Thomas Gleixner <tglx@linutronix.de> 10379 + R: Anna-Maria Behnsen <anna-maria@linutronix.de> 10380 + L: rust-for-linux@vger.kernel.org 10381 + S: Supported 10382 + W: https://rust-for-linux.com 10383 + B: https://github.com/Rust-for-Linux/linux/issues 10384 + T: git https://github.com/Rust-for-Linux/linux.git hrtimer-next 10385 + F: rust/kernel/time/hrtimer.rs 10386 + F: rust/kernel/time/hrtimer/ 10387 + 10388 HIGH-SPEED SCC DRIVER FOR AX.25 10389 L: linux-hams@vger.kernel.org 10390 S: Orphan

+6

rust/kernel/alloc/kbox.rs

··· 252 Ok(Self::new(x, flags)?.into()) 253 } 254 255 /// Forgets the contents (does not run the destructor), but keeps the allocation. 256 fn forget_contents(this: Self) -> Box<MaybeUninit<T>, A> { 257 let ptr = Self::into_raw(this);

··· 252 Ok(Self::new(x, flags)?.into()) 253 } 254 255 + /// Convert a [`Box<T,A>`] to a [`Pin<Box<T,A>>`]. If `T` does not implement 256 + /// [`Unpin`], then `x` will be pinned in memory and can't be moved. 257 + pub fn into_pin(this: Self) -> Pin<Self> { 258 + this.into() 259 + } 260 + 261 /// Forgets the contents (does not run the destructor), but keeps the allocation. 262 fn forget_contents(this: Self) -> Box<MaybeUninit<T>, A> { 263 let ptr = Self::into_raw(this);

+11 -2

rust/kernel/sync/arc.rs

··· 266 unsafe { core::ptr::addr_of!((*ptr).data) } 267 } 268 269 /// Recreates an [`Arc`] instance previously deconstructed via [`Arc::into_raw`]. 270 /// 271 /// # Safety ··· 568 } 569 570 /// Creates an [`ArcBorrow`] to an [`Arc`] that has previously been deconstructed with 571 - /// [`Arc::into_raw`]. 572 /// 573 /// # Safety 574 /// 575 - /// * The provided pointer must originate from a call to [`Arc::into_raw`]. 576 /// * For the duration of the lifetime annotated on this `ArcBorrow`, the reference count must 577 /// not hit zero. 578 /// * For the duration of the lifetime annotated on this `ArcBorrow`, there must not be a

··· 266 unsafe { core::ptr::addr_of!((*ptr).data) } 267 } 268 269 + /// Return a raw pointer to the data in this arc. 270 + pub fn as_ptr(this: &Self) -> *const T { 271 + let ptr = this.ptr.as_ptr(); 272 + 273 + // SAFETY: As `ptr` points to a valid allocation of type `ArcInner`, 274 + // field projection to `data`is within bounds of the allocation. 275 + unsafe { core::ptr::addr_of!((*ptr).data) } 276 + } 277 + 278 /// Recreates an [`Arc`] instance previously deconstructed via [`Arc::into_raw`]. 279 /// 280 /// # Safety ··· 559 } 560 561 /// Creates an [`ArcBorrow`] to an [`Arc`] that has previously been deconstructed with 562 + /// [`Arc::into_raw`] or [`Arc::as_ptr`]. 563 /// 564 /// # Safety 565 /// 566 + /// * The provided pointer must originate from a call to [`Arc::into_raw`] or [`Arc::as_ptr`]. 567 /// * For the duration of the lifetime annotated on this `ArcBorrow`, the reference count must 568 /// not hit zero. 569 /// * For the duration of the lifetime annotated on this `ArcBorrow`, there must not be a

+68

rust/kernel/time.rs

··· 8 //! C header: [`include/linux/jiffies.h`](srctree/include/linux/jiffies.h). 9 //! C header: [`include/linux/ktime.h`](srctree/include/linux/ktime.h). 10 11 /// The number of nanoseconds per millisecond. 12 pub const NSEC_PER_MSEC: i64 = bindings::NSEC_PER_MSEC as i64; 13 ··· 81 Self { 82 inner: self.inner - other.inner, 83 } 84 } 85 }

··· 8 //! C header: [`include/linux/jiffies.h`](srctree/include/linux/jiffies.h). 9 //! C header: [`include/linux/ktime.h`](srctree/include/linux/ktime.h). 10 11 + pub mod hrtimer; 12 + 13 /// The number of nanoseconds per millisecond. 14 pub const NSEC_PER_MSEC: i64 = bindings::NSEC_PER_MSEC as i64; 15 ··· 79 Self { 80 inner: self.inner - other.inner, 81 } 82 + } 83 + } 84 + 85 + /// An identifier for a clock. Used when specifying clock sources. 86 + /// 87 + /// 88 + /// Selection of the clock depends on the use case. In some cases the usage of a 89 + /// particular clock is mandatory, e.g. in network protocols, filesystems.In other 90 + /// cases the user of the clock has to decide which clock is best suited for the 91 + /// purpose. In most scenarios clock [`ClockId::Monotonic`] is the best choice as it 92 + /// provides a accurate monotonic notion of time (leap second smearing ignored). 93 + #[derive(Clone, Copy, PartialEq, Eq, Debug)] 94 + #[repr(u32)] 95 + pub enum ClockId { 96 + /// A settable system-wide clock that measures real (i.e., wall-clock) time. 97 + /// 98 + /// Setting this clock requires appropriate privileges. This clock is 99 + /// affected by discontinuous jumps in the system time (e.g., if the system 100 + /// administrator manually changes the clock), and by frequency adjustments 101 + /// performed by NTP and similar applications via adjtime(3), adjtimex(2), 102 + /// clock_adjtime(2), and ntp_adjtime(3). This clock normally counts the 103 + /// number of seconds since 1970-01-01 00:00:00 Coordinated Universal Time 104 + /// (UTC) except that it ignores leap seconds; near a leap second it may be 105 + /// adjusted by leap second smearing to stay roughly in sync with UTC. Leap 106 + /// second smearing applies frequency adjustments to the clock to speed up 107 + /// or slow down the clock to account for the leap second without 108 + /// discontinuities in the clock. If leap second smearing is not applied, 109 + /// the clock will experience discontinuity around leap second adjustment. 110 + RealTime = bindings::CLOCK_REALTIME, 111 + /// A monotonically increasing clock. 112 + /// 113 + /// A nonsettable system-wide clock that represents monotonic time since—as 114 + /// described by POSIX—"some unspecified point in the past". On Linux, that 115 + /// point corresponds to the number of seconds that the system has been 116 + /// running since it was booted. 117 + /// 118 + /// The CLOCK_MONOTONIC clock is not affected by discontinuous jumps in the 119 + /// CLOCK_REAL (e.g., if the system administrator manually changes the 120 + /// clock), but is affected by frequency adjustments. This clock does not 121 + /// count time that the system is suspended. 122 + Monotonic = bindings::CLOCK_MONOTONIC, 123 + /// A monotonic that ticks while system is suspended. 124 + /// 125 + /// A nonsettable system-wide clock that is identical to CLOCK_MONOTONIC, 126 + /// except that it also includes any time that the system is suspended. This 127 + /// allows applications to get a suspend-aware monotonic clock without 128 + /// having to deal with the complications of CLOCK_REALTIME, which may have 129 + /// discontinuities if the time is changed using settimeofday(2) or similar. 130 + BootTime = bindings::CLOCK_BOOTTIME, 131 + /// International Atomic Time. 132 + /// 133 + /// A system-wide clock derived from wall-clock time but counting leap seconds. 134 + /// 135 + /// This clock is coupled to CLOCK_REALTIME and will be set when CLOCK_REALTIME is 136 + /// set, or when the offset to CLOCK_REALTIME is changed via adjtimex(2). This 137 + /// usually happens during boot and **should** not happen during normal operations. 138 + /// However, if NTP or another application adjusts CLOCK_REALTIME by leap second 139 + /// smearing, this clock will not be precise during leap second smearing. 140 + /// 141 + /// The acronym TAI refers to International Atomic Time. 142 + TAI = bindings::CLOCK_TAI, 143 + } 144 + 145 + impl ClockId { 146 + fn into_c(self) -> bindings::clockid_t { 147 + self as bindings::clockid_t 148 } 149 }

+520

rust/kernel/time/hrtimer.rs

···

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + 3 + //! Intrusive high resolution timers. 4 + //! 5 + //! Allows running timer callbacks without doing allocations at the time of 6 + //! starting the timer. For now, only one timer per type is allowed. 7 + //! 8 + //! # Vocabulary 9 + //! 10 + //! States: 11 + //! 12 + //! - Stopped: initialized but not started, or cancelled, or not restarted. 13 + //! - Started: initialized and started or restarted. 14 + //! - Running: executing the callback. 15 + //! 16 + //! Operations: 17 + //! 18 + //! * Start 19 + //! * Cancel 20 + //! * Restart 21 + //! 22 + //! Events: 23 + //! 24 + //! * Expire 25 + //! 26 + //! ## State Diagram 27 + //! 28 + //! ```text 29 + //! Return NoRestart 30 + //! +---------------------------------------------------------------------+ 31 + //! | | 32 + //! | | 33 + //! | | 34 + //! | Return Restart | 35 + //! | +------------------------+ | 36 + //! | | | | 37 + //! | | | | 38 + //! v v | | 39 + //! +-----------------+ Start +------------------+ +--------+-----+--+ 40 + //! | +---------------->| | | | 41 + //! Init | | | | Expire | | 42 + //! --------->| Stopped | | Started +---------->| Running | 43 + //! | | Cancel | | | | 44 + //! | |<----------------+ | | | 45 + //! +-----------------+ +---------------+--+ +-----------------+ 46 + //! ^ | 47 + //! | | 48 + //! +---------+ 49 + //! Restart 50 + //! ``` 51 + //! 52 + //! 53 + //! A timer is initialized in the **stopped** state. A stopped timer can be 54 + //! **started** by the `start` operation, with an **expiry** time. After the 55 + //! `start` operation, the timer is in the **started** state. When the timer 56 + //! **expires**, the timer enters the **running** state and the handler is 57 + //! executed. After the handler has returned, the timer may enter the 58 + //! **started* or **stopped** state, depending on the return value of the 59 + //! handler. A timer in the **started** or **running** state may be **canceled** 60 + //! by the `cancel` operation. A timer that is cancelled enters the **stopped** 61 + //! state. 62 + //! 63 + //! A `cancel` or `restart` operation on a timer in the **running** state takes 64 + //! effect after the handler has returned and the timer has transitioned 65 + //! out of the **running** state. 66 + //! 67 + //! A `restart` operation on a timer in the **stopped** state is equivalent to a 68 + //! `start` operation. 69 + 70 + use super::ClockId; 71 + use crate::{prelude::*, time::Ktime, types::Opaque}; 72 + use core::marker::PhantomData; 73 + use pin_init::PinInit; 74 + 75 + /// A timer backed by a C `struct hrtimer`. 76 + /// 77 + /// # Invariants 78 + /// 79 + /// * `self.timer` is initialized by `bindings::hrtimer_setup`. 80 + #[pin_data] 81 + #[repr(C)] 82 + pub struct HrTimer<T> { 83 + #[pin] 84 + timer: Opaque<bindings::hrtimer>, 85 + mode: HrTimerMode, 86 + _t: PhantomData<T>, 87 + } 88 + 89 + // SAFETY: Ownership of an `HrTimer` can be moved to other threads and 90 + // used/dropped from there. 91 + unsafe impl<T> Send for HrTimer<T> {} 92 + 93 + // SAFETY: Timer operations are locked on the C side, so it is safe to operate 94 + // on a timer from multiple threads. 95 + unsafe impl<T> Sync for HrTimer<T> {} 96 + 97 + impl<T> HrTimer<T> { 98 + /// Return an initializer for a new timer instance. 99 + pub fn new(mode: HrTimerMode, clock: ClockId) -> impl PinInit<Self> 100 + where 101 + T: HrTimerCallback, 102 + { 103 + pin_init!(Self { 104 + // INVARIANT: We initialize `timer` with `hrtimer_setup` below. 105 + timer <- Opaque::ffi_init(move |place: *mut bindings::hrtimer| { 106 + // SAFETY: By design of `pin_init!`, `place` is a pointer to a 107 + // live allocation. hrtimer_setup will initialize `place` and 108 + // does not require `place` to be initialized prior to the call. 109 + unsafe { 110 + bindings::hrtimer_setup( 111 + place, 112 + Some(T::Pointer::run), 113 + clock.into_c(), 114 + mode.into_c(), 115 + ); 116 + } 117 + }), 118 + mode: mode, 119 + _t: PhantomData, 120 + }) 121 + } 122 + 123 + /// Get a pointer to the contained `bindings::hrtimer`. 124 + /// 125 + /// This function is useful to get access to the value without creating 126 + /// intermediate references. 127 + /// 128 + /// # Safety 129 + /// 130 + /// `this` must point to a live allocation of at least the size of `Self`. 131 + unsafe fn raw_get(this: *const Self) -> *mut bindings::hrtimer { 132 + // SAFETY: The field projection to `timer` does not go out of bounds, 133 + // because the caller of this function promises that `this` points to an 134 + // allocation of at least the size of `Self`. 135 + unsafe { Opaque::raw_get(core::ptr::addr_of!((*this).timer)) } 136 + } 137 + 138 + /// Cancel an initialized and potentially running timer. 139 + /// 140 + /// If the timer handler is running, this function will block until the 141 + /// handler returns. 142 + /// 143 + /// Note that the timer might be started by a concurrent start operation. If 144 + /// so, the timer might not be in the **stopped** state when this function 145 + /// returns. 146 + /// 147 + /// Users of the `HrTimer` API would not usually call this method directly. 148 + /// Instead they would use the safe [`HrTimerHandle::cancel`] on the handle 149 + /// returned when the timer was started. 150 + /// 151 + /// This function is useful to get access to the value without creating 152 + /// intermediate references. 153 + /// 154 + /// # Safety 155 + /// 156 + /// `this` must point to a valid `Self`. 157 + pub(crate) unsafe fn raw_cancel(this: *const Self) -> bool { 158 + // SAFETY: `this` points to an allocation of at least `HrTimer` size. 159 + let c_timer_ptr = unsafe { HrTimer::raw_get(this) }; 160 + 161 + // If the handler is running, this will wait for the handler to return 162 + // before returning. 163 + // SAFETY: `c_timer_ptr` is initialized and valid. Synchronization is 164 + // handled on the C side. 165 + unsafe { bindings::hrtimer_cancel(c_timer_ptr) != 0 } 166 + } 167 + } 168 + 169 + /// Implemented by pointer types that point to structs that contain a [`HrTimer`]. 170 + /// 171 + /// `Self` must be [`Sync`] because it is passed to timer callbacks in another 172 + /// thread of execution (hard or soft interrupt context). 173 + /// 174 + /// Starting a timer returns a [`HrTimerHandle`] that can be used to manipulate 175 + /// the timer. Note that it is OK to call the start function repeatedly, and 176 + /// that more than one [`HrTimerHandle`] associated with a [`HrTimerPointer`] may 177 + /// exist. A timer can be manipulated through any of the handles, and a handle 178 + /// may represent a cancelled timer. 179 + pub trait HrTimerPointer: Sync + Sized { 180 + /// A handle representing a started or restarted timer. 181 + /// 182 + /// If the timer is running or if the timer callback is executing when the 183 + /// handle is dropped, the drop method of [`HrTimerHandle`] should not return 184 + /// until the timer is stopped and the callback has completed. 185 + /// 186 + /// Note: When implementing this trait, consider that it is not unsafe to 187 + /// leak the handle. 188 + type TimerHandle: HrTimerHandle; 189 + 190 + /// Start the timer with expiry after `expires` time units. If the timer was 191 + /// already running, it is restarted with the new expiry time. 192 + fn start(self, expires: Ktime) -> Self::TimerHandle; 193 + } 194 + 195 + /// Unsafe version of [`HrTimerPointer`] for situations where leaking the 196 + /// [`HrTimerHandle`] returned by `start` would be unsound. This is the case for 197 + /// stack allocated timers. 198 + /// 199 + /// Typical implementers are pinned references such as [`Pin<&T>`]. 200 + /// 201 + /// # Safety 202 + /// 203 + /// Implementers of this trait must ensure that instances of types implementing 204 + /// [`UnsafeHrTimerPointer`] outlives any associated [`HrTimerPointer::TimerHandle`] 205 + /// instances. 206 + pub unsafe trait UnsafeHrTimerPointer: Sync + Sized { 207 + /// A handle representing a running timer. 208 + /// 209 + /// # Safety 210 + /// 211 + /// If the timer is running, or if the timer callback is executing when the 212 + /// handle is dropped, the drop method of [`Self::TimerHandle`] must not return 213 + /// until the timer is stopped and the callback has completed. 214 + type TimerHandle: HrTimerHandle; 215 + 216 + /// Start the timer after `expires` time units. If the timer was already 217 + /// running, it is restarted at the new expiry time. 218 + /// 219 + /// # Safety 220 + /// 221 + /// Caller promises keep the timer structure alive until the timer is dead. 222 + /// Caller can ensure this by not leaking the returned [`Self::TimerHandle`]. 223 + unsafe fn start(self, expires: Ktime) -> Self::TimerHandle; 224 + } 225 + 226 + /// A trait for stack allocated timers. 227 + /// 228 + /// # Safety 229 + /// 230 + /// Implementers must ensure that `start_scoped` does not return until the 231 + /// timer is dead and the timer handler is not running. 232 + pub unsafe trait ScopedHrTimerPointer { 233 + /// Start the timer to run after `expires` time units and immediately 234 + /// after call `f`. When `f` returns, the timer is cancelled. 235 + fn start_scoped<T, F>(self, expires: Ktime, f: F) -> T 236 + where 237 + F: FnOnce() -> T; 238 + } 239 + 240 + // SAFETY: By the safety requirement of [`UnsafeHrTimerPointer`], dropping the 241 + // handle returned by [`UnsafeHrTimerPointer::start`] ensures that the timer is 242 + // killed. 243 + unsafe impl<T> ScopedHrTimerPointer for T 244 + where 245 + T: UnsafeHrTimerPointer, 246 + { 247 + fn start_scoped<U, F>(self, expires: Ktime, f: F) -> U 248 + where 249 + F: FnOnce() -> U, 250 + { 251 + // SAFETY: We drop the timer handle below before returning. 252 + let handle = unsafe { UnsafeHrTimerPointer::start(self, expires) }; 253 + let t = f(); 254 + drop(handle); 255 + t 256 + } 257 + } 258 + 259 + /// Implemented by [`HrTimerPointer`] implementers to give the C timer callback a 260 + /// function to call. 261 + // This is split from `HrTimerPointer` to make it easier to specify trait bounds. 262 + pub trait RawHrTimerCallback { 263 + /// Type of the parameter passed to [`HrTimerCallback::run`]. It may be 264 + /// [`Self`], or a pointer type derived from [`Self`]. 265 + type CallbackTarget<'a>; 266 + 267 + /// Callback to be called from C when timer fires. 268 + /// 269 + /// # Safety 270 + /// 271 + /// Only to be called by C code in the `hrtimer` subsystem. `this` must point 272 + /// to the `bindings::hrtimer` structure that was used to start the timer. 273 + unsafe extern "C" fn run(this: *mut bindings::hrtimer) -> bindings::hrtimer_restart; 274 + } 275 + 276 + /// Implemented by structs that can be the target of a timer callback. 277 + pub trait HrTimerCallback { 278 + /// The type whose [`RawHrTimerCallback::run`] method will be invoked when 279 + /// the timer expires. 280 + type Pointer<'a>: RawHrTimerCallback; 281 + 282 + /// Called by the timer logic when the timer fires. 283 + fn run(this: <Self::Pointer<'_> as RawHrTimerCallback>::CallbackTarget<'_>) -> HrTimerRestart 284 + where 285 + Self: Sized; 286 + } 287 + 288 + /// A handle representing a potentially running timer. 289 + /// 290 + /// More than one handle representing the same timer might exist. 291 + /// 292 + /// # Safety 293 + /// 294 + /// When dropped, the timer represented by this handle must be cancelled, if it 295 + /// is running. If the timer handler is running when the handle is dropped, the 296 + /// drop method must wait for the handler to return before returning. 297 + /// 298 + /// Note: One way to satisfy the safety requirement is to call `Self::cancel` in 299 + /// the drop implementation for `Self.` 300 + pub unsafe trait HrTimerHandle { 301 + /// Cancel the timer. If the timer is in the running state, block till the 302 + /// handler has returned. 303 + /// 304 + /// Note that the timer might be started by a concurrent start operation. If 305 + /// so, the timer might not be in the **stopped** state when this function 306 + /// returns. 307 + fn cancel(&mut self) -> bool; 308 + } 309 + 310 + /// Implemented by structs that contain timer nodes. 311 + /// 312 + /// Clients of the timer API would usually safely implement this trait by using 313 + /// the [`crate::impl_has_hr_timer`] macro. 314 + /// 315 + /// # Safety 316 + /// 317 + /// Implementers of this trait must ensure that the implementer has a 318 + /// [`HrTimer`] field and that all trait methods are implemented according to 319 + /// their documentation. All the methods of this trait must operate on the same 320 + /// field. 321 + pub unsafe trait HasHrTimer<T> { 322 + /// Return a pointer to the [`HrTimer`] within `Self`. 323 + /// 324 + /// This function is useful to get access to the value without creating 325 + /// intermediate references. 326 + /// 327 + /// # Safety 328 + /// 329 + /// `this` must be a valid pointer. 330 + unsafe fn raw_get_timer(this: *const Self) -> *const HrTimer<T>; 331 + 332 + /// Return a pointer to the struct that is containing the [`HrTimer`] pointed 333 + /// to by `ptr`. 334 + /// 335 + /// This function is useful to get access to the value without creating 336 + /// intermediate references. 337 + /// 338 + /// # Safety 339 + /// 340 + /// `ptr` must point to a [`HrTimer<T>`] field in a struct of type `Self`. 341 + unsafe fn timer_container_of(ptr: *mut HrTimer<T>) -> *mut Self 342 + where 343 + Self: Sized; 344 + 345 + /// Get pointer to the contained `bindings::hrtimer` struct. 346 + /// 347 + /// This function is useful to get access to the value without creating 348 + /// intermediate references. 349 + /// 350 + /// # Safety 351 + /// 352 + /// `this` must be a valid pointer. 353 + unsafe fn c_timer_ptr(this: *const Self) -> *const bindings::hrtimer { 354 + // SAFETY: `this` is a valid pointer to a `Self`. 355 + let timer_ptr = unsafe { Self::raw_get_timer(this) }; 356 + 357 + // SAFETY: timer_ptr points to an allocation of at least `HrTimer` size. 358 + unsafe { HrTimer::raw_get(timer_ptr) } 359 + } 360 + 361 + /// Start the timer contained in the `Self` pointed to by `self_ptr`. If 362 + /// it is already running it is removed and inserted. 363 + /// 364 + /// # Safety 365 + /// 366 + /// - `this` must point to a valid `Self`. 367 + /// - Caller must ensure that the pointee of `this` lives until the timer 368 + /// fires or is canceled. 369 + unsafe fn start(this: *const Self, expires: Ktime) { 370 + // SAFETY: By function safety requirement, `this` is a valid `Self`. 371 + unsafe { 372 + bindings::hrtimer_start_range_ns( 373 + Self::c_timer_ptr(this).cast_mut(), 374 + expires.to_ns(), 375 + 0, 376 + (*Self::raw_get_timer(this)).mode.into_c(), 377 + ); 378 + } 379 + } 380 + } 381 + 382 + /// Restart policy for timers. 383 + #[derive(Copy, Clone, PartialEq, Eq, Debug)] 384 + #[repr(u32)] 385 + pub enum HrTimerRestart { 386 + /// Timer should not be restarted. 387 + #[allow(clippy::unnecessary_cast)] 388 + NoRestart = bindings::hrtimer_restart_HRTIMER_NORESTART as u32, 389 + /// Timer should be restarted. 390 + #[allow(clippy::unnecessary_cast)] 391 + Restart = bindings::hrtimer_restart_HRTIMER_RESTART as u32, 392 + } 393 + 394 + impl HrTimerRestart { 395 + fn into_c(self) -> bindings::hrtimer_restart { 396 + self as bindings::hrtimer_restart 397 + } 398 + } 399 + 400 + /// Operational mode of [`HrTimer`]. 401 + // NOTE: Some of these have the same encoding on the C side, so we keep 402 + // `repr(Rust)` and convert elsewhere. 403 + #[derive(Clone, Copy, PartialEq, Eq, Debug)] 404 + pub enum HrTimerMode { 405 + /// Timer expires at the given expiration time. 406 + Absolute, 407 + /// Timer expires after the given expiration time interpreted as a duration from now. 408 + Relative, 409 + /// Timer does not move between CPU cores. 410 + Pinned, 411 + /// Timer handler is executed in soft irq context. 412 + Soft, 413 + /// Timer handler is executed in hard irq context. 414 + Hard, 415 + /// Timer expires at the given expiration time. 416 + /// Timer does not move between CPU cores. 417 + AbsolutePinned, 418 + /// Timer expires after the given expiration time interpreted as a duration from now. 419 + /// Timer does not move between CPU cores. 420 + RelativePinned, 421 + /// Timer expires at the given expiration time. 422 + /// Timer handler is executed in soft irq context. 423 + AbsoluteSoft, 424 + /// Timer expires after the given expiration time interpreted as a duration from now. 425 + /// Timer handler is executed in soft irq context. 426 + RelativeSoft, 427 + /// Timer expires at the given expiration time. 428 + /// Timer does not move between CPU cores. 429 + /// Timer handler is executed in soft irq context. 430 + AbsolutePinnedSoft, 431 + /// Timer expires after the given expiration time interpreted as a duration from now. 432 + /// Timer does not move between CPU cores. 433 + /// Timer handler is executed in soft irq context. 434 + RelativePinnedSoft, 435 + /// Timer expires at the given expiration time. 436 + /// Timer handler is executed in hard irq context. 437 + AbsoluteHard, 438 + /// Timer expires after the given expiration time interpreted as a duration from now. 439 + /// Timer handler is executed in hard irq context. 440 + RelativeHard, 441 + /// Timer expires at the given expiration time. 442 + /// Timer does not move between CPU cores. 443 + /// Timer handler is executed in hard irq context. 444 + AbsolutePinnedHard, 445 + /// Timer expires after the given expiration time interpreted as a duration from now. 446 + /// Timer does not move between CPU cores. 447 + /// Timer handler is executed in hard irq context. 448 + RelativePinnedHard, 449 + } 450 + 451 + impl HrTimerMode { 452 + fn into_c(self) -> bindings::hrtimer_mode { 453 + use bindings::*; 454 + match self { 455 + HrTimerMode::Absolute => hrtimer_mode_HRTIMER_MODE_ABS, 456 + HrTimerMode::Relative => hrtimer_mode_HRTIMER_MODE_REL, 457 + HrTimerMode::Pinned => hrtimer_mode_HRTIMER_MODE_PINNED, 458 + HrTimerMode::Soft => hrtimer_mode_HRTIMER_MODE_SOFT, 459 + HrTimerMode::Hard => hrtimer_mode_HRTIMER_MODE_HARD, 460 + HrTimerMode::AbsolutePinned => hrtimer_mode_HRTIMER_MODE_ABS_PINNED, 461 + HrTimerMode::RelativePinned => hrtimer_mode_HRTIMER_MODE_REL_PINNED, 462 + HrTimerMode::AbsoluteSoft => hrtimer_mode_HRTIMER_MODE_ABS_SOFT, 463 + HrTimerMode::RelativeSoft => hrtimer_mode_HRTIMER_MODE_REL_SOFT, 464 + HrTimerMode::AbsolutePinnedSoft => hrtimer_mode_HRTIMER_MODE_ABS_PINNED_SOFT, 465 + HrTimerMode::RelativePinnedSoft => hrtimer_mode_HRTIMER_MODE_REL_PINNED_SOFT, 466 + HrTimerMode::AbsoluteHard => hrtimer_mode_HRTIMER_MODE_ABS_HARD, 467 + HrTimerMode::RelativeHard => hrtimer_mode_HRTIMER_MODE_REL_HARD, 468 + HrTimerMode::AbsolutePinnedHard => hrtimer_mode_HRTIMER_MODE_ABS_PINNED_HARD, 469 + HrTimerMode::RelativePinnedHard => hrtimer_mode_HRTIMER_MODE_REL_PINNED_HARD, 470 + } 471 + } 472 + } 473 + 474 + /// Use to implement the [`HasHrTimer<T>`] trait. 475 + /// 476 + /// See [`module`] documentation for an example. 477 + /// 478 + /// [`module`]: crate::time::hrtimer 479 + #[macro_export] 480 + macro_rules! impl_has_hr_timer { 481 + ( 482 + impl$({$($generics:tt)*})? 483 + HasHrTimer<$timer_type:ty> 484 + for $self:ty 485 + { self.$field:ident } 486 + $($rest:tt)* 487 + ) => { 488 + // SAFETY: This implementation of `raw_get_timer` only compiles if the 489 + // field has the right type. 490 + unsafe impl$(<$($generics)*>)? $crate::time::hrtimer::HasHrTimer<$timer_type> for $self { 491 + 492 + #[inline] 493 + unsafe fn raw_get_timer( 494 + this: *const Self, 495 + ) -> *const $crate::time::hrtimer::HrTimer<$timer_type> { 496 + // SAFETY: The caller promises that the pointer is not dangling. 497 + unsafe { ::core::ptr::addr_of!((*this).$field) } 498 + } 499 + 500 + #[inline] 501 + unsafe fn timer_container_of( 502 + ptr: *mut $crate::time::hrtimer::HrTimer<$timer_type>, 503 + ) -> *mut Self { 504 + // SAFETY: As per the safety requirement of this function, `ptr` 505 + // is pointing inside a `$timer_type`. 506 + unsafe { ::kernel::container_of!(ptr, $timer_type, $field).cast_mut() } 507 + } 508 + } 509 + } 510 + } 511 + 512 + mod arc; 513 + pub use arc::ArcHrTimerHandle; 514 + mod pin; 515 + pub use pin::PinHrTimerHandle; 516 + mod pin_mut; 517 + pub use pin_mut::PinMutHrTimerHandle; 518 + // `box` is a reserved keyword, so prefix with `t` for timer 519 + mod tbox; 520 + pub use tbox::BoxHrTimerHandle;

+100

rust/kernel/time/hrtimer/arc.rs

···

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + 3 + use super::HasHrTimer; 4 + use super::HrTimer; 5 + use super::HrTimerCallback; 6 + use super::HrTimerHandle; 7 + use super::HrTimerPointer; 8 + use super::RawHrTimerCallback; 9 + use crate::sync::Arc; 10 + use crate::sync::ArcBorrow; 11 + use crate::time::Ktime; 12 + 13 + /// A handle for an `Arc<HasHrTimer<T>>` returned by a call to 14 + /// [`HrTimerPointer::start`]. 15 + pub struct ArcHrTimerHandle<T> 16 + where 17 + T: HasHrTimer<T>, 18 + { 19 + pub(crate) inner: Arc<T>, 20 + } 21 + 22 + // SAFETY: We implement drop below, and we cancel the timer in the drop 23 + // implementation. 24 + unsafe impl<T> HrTimerHandle for ArcHrTimerHandle<T> 25 + where 26 + T: HasHrTimer<T>, 27 + { 28 + fn cancel(&mut self) -> bool { 29 + let self_ptr = Arc::as_ptr(&self.inner); 30 + 31 + // SAFETY: As we obtained `self_ptr` from a valid reference above, it 32 + // must point to a valid `T`. 33 + let timer_ptr = unsafe { <T as HasHrTimer<T>>::raw_get_timer(self_ptr) }; 34 + 35 + // SAFETY: As `timer_ptr` points into `T` and `T` is valid, `timer_ptr` 36 + // must point to a valid `HrTimer` instance. 37 + unsafe { HrTimer::<T>::raw_cancel(timer_ptr) } 38 + } 39 + } 40 + 41 + impl<T> Drop for ArcHrTimerHandle<T> 42 + where 43 + T: HasHrTimer<T>, 44 + { 45 + fn drop(&mut self) { 46 + self.cancel(); 47 + } 48 + } 49 + 50 + impl<T> HrTimerPointer for Arc<T> 51 + where 52 + T: 'static, 53 + T: Send + Sync, 54 + T: HasHrTimer<T>, 55 + T: for<'a> HrTimerCallback<Pointer<'a> = Self>, 56 + { 57 + type TimerHandle = ArcHrTimerHandle<T>; 58 + 59 + fn start(self, expires: Ktime) -> ArcHrTimerHandle<T> { 60 + // SAFETY: 61 + // - We keep `self` alive by wrapping it in a handle below. 62 + // - Since we generate the pointer passed to `start` from a valid 63 + // reference, it is a valid pointer. 64 + unsafe { T::start(Arc::as_ptr(&self), expires) }; 65 + ArcHrTimerHandle { inner: self } 66 + } 67 + } 68 + 69 + impl<T> RawHrTimerCallback for Arc<T> 70 + where 71 + T: 'static, 72 + T: HasHrTimer<T>, 73 + T: for<'a> HrTimerCallback<Pointer<'a> = Self>, 74 + { 75 + type CallbackTarget<'a> = ArcBorrow<'a, T>; 76 + 77 + unsafe extern "C" fn run(ptr: *mut bindings::hrtimer) -> bindings::hrtimer_restart { 78 + // `HrTimer` is `repr(C)` 79 + let timer_ptr = ptr.cast::<super::HrTimer<T>>(); 80 + 81 + // SAFETY: By C API contract `ptr` is the pointer we passed when 82 + // queuing the timer, so it is a `HrTimer<T>` embedded in a `T`. 83 + let data_ptr = unsafe { T::timer_container_of(timer_ptr) }; 84 + 85 + // SAFETY: 86 + // - `data_ptr` is derived form the pointer to the `T` that was used to 87 + // queue the timer. 88 + // - As per the safety requirements of the trait `HrTimerHandle`, the 89 + // `ArcHrTimerHandle` associated with this timer is guaranteed to 90 + // be alive until this method returns. That handle borrows the `T` 91 + // behind `data_ptr` thus guaranteeing the validity of 92 + // the `ArcBorrow` created below. 93 + // - We own one refcount in the `ArcTimerHandle` associated with this 94 + // timer, so it is not possible to get a `UniqueArc` to this 95 + // allocation from other `Arc` clones. 96 + let receiver = unsafe { ArcBorrow::from_raw(data_ptr) }; 97 + 98 + T::run(receiver).into_c() 99 + } 100 + }

+104

rust/kernel/time/hrtimer/pin.rs

···

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + 3 + use super::HasHrTimer; 4 + use super::HrTimer; 5 + use super::HrTimerCallback; 6 + use super::HrTimerHandle; 7 + use super::RawHrTimerCallback; 8 + use super::UnsafeHrTimerPointer; 9 + use crate::time::Ktime; 10 + use core::pin::Pin; 11 + 12 + /// A handle for a `Pin<&HasHrTimer>`. When the handle exists, the timer might be 13 + /// running. 14 + pub struct PinHrTimerHandle<'a, T> 15 + where 16 + T: HasHrTimer<T>, 17 + { 18 + pub(crate) inner: Pin<&'a T>, 19 + } 20 + 21 + // SAFETY: We cancel the timer when the handle is dropped. The implementation of 22 + // the `cancel` method will block if the timer handler is running. 23 + unsafe impl<'a, T> HrTimerHandle for PinHrTimerHandle<'a, T> 24 + where 25 + T: HasHrTimer<T>, 26 + { 27 + fn cancel(&mut self) -> bool { 28 + let self_ptr: *const T = self.inner.get_ref(); 29 + 30 + // SAFETY: As we got `self_ptr` from a reference above, it must point to 31 + // a valid `T`. 32 + let timer_ptr = unsafe { <T as HasHrTimer<T>>::raw_get_timer(self_ptr) }; 33 + 34 + // SAFETY: As `timer_ptr` is derived from a reference, it must point to 35 + // a valid and initialized `HrTimer`. 36 + unsafe { HrTimer::<T>::raw_cancel(timer_ptr) } 37 + } 38 + } 39 + 40 + impl<'a, T> Drop for PinHrTimerHandle<'a, T> 41 + where 42 + T: HasHrTimer<T>, 43 + { 44 + fn drop(&mut self) { 45 + self.cancel(); 46 + } 47 + } 48 + 49 + // SAFETY: We capture the lifetime of `Self` when we create a `PinHrTimerHandle`, 50 + // so `Self` will outlive the handle. 51 + unsafe impl<'a, T> UnsafeHrTimerPointer for Pin<&'a T> 52 + where 53 + T: Send + Sync, 54 + T: HasHrTimer<T>, 55 + T: HrTimerCallback<Pointer<'a> = Self>, 56 + { 57 + type TimerHandle = PinHrTimerHandle<'a, T>; 58 + 59 + unsafe fn start(self, expires: Ktime) -> Self::TimerHandle { 60 + // Cast to pointer 61 + let self_ptr: *const T = self.get_ref(); 62 + 63 + // SAFETY: 64 + // - As we derive `self_ptr` from a reference above, it must point to a 65 + // valid `T`. 66 + // - We keep `self` alive by wrapping it in a handle below. 67 + unsafe { T::start(self_ptr, expires) }; 68 + 69 + PinHrTimerHandle { inner: self } 70 + } 71 + } 72 + 73 + impl<'a, T> RawHrTimerCallback for Pin<&'a T> 74 + where 75 + T: HasHrTimer<T>, 76 + T: HrTimerCallback<Pointer<'a> = Self>, 77 + { 78 + type CallbackTarget<'b> = Self; 79 + 80 + unsafe extern "C" fn run(ptr: *mut bindings::hrtimer) -> bindings::hrtimer_restart { 81 + // `HrTimer` is `repr(C)` 82 + let timer_ptr = ptr as *mut HrTimer<T>; 83 + 84 + // SAFETY: By the safety requirement of this function, `timer_ptr` 85 + // points to a `HrTimer<T>` contained in an `T`. 86 + let receiver_ptr = unsafe { T::timer_container_of(timer_ptr) }; 87 + 88 + // SAFETY: 89 + // - By the safety requirement of this function, `timer_ptr` 90 + // points to a `HrTimer<T>` contained in an `T`. 91 + // - As per the safety requirements of the trait `HrTimerHandle`, the 92 + // `PinHrTimerHandle` associated with this timer is guaranteed to 93 + // be alive until this method returns. That handle borrows the `T` 94 + // behind `receiver_ptr`, thus guaranteeing the validity of 95 + // the reference created below. 96 + let receiver_ref = unsafe { &*receiver_ptr }; 97 + 98 + // SAFETY: `receiver_ref` only exists as pinned, so it is safe to pin it 99 + // here. 100 + let receiver_pin = unsafe { Pin::new_unchecked(receiver_ref) }; 101 + 102 + T::run(receiver_pin).into_c() 103 + } 104 + }

+108

rust/kernel/time/hrtimer/pin_mut.rs

···

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + 3 + use super::{ 4 + HasHrTimer, HrTimer, HrTimerCallback, HrTimerHandle, RawHrTimerCallback, UnsafeHrTimerPointer, 5 + }; 6 + use crate::time::Ktime; 7 + use core::{marker::PhantomData, pin::Pin, ptr::NonNull}; 8 + 9 + /// A handle for a `Pin<&mut HasHrTimer>`. When the handle exists, the timer might 10 + /// be running. 11 + pub struct PinMutHrTimerHandle<'a, T> 12 + where 13 + T: HasHrTimer<T>, 14 + { 15 + pub(crate) inner: NonNull<T>, 16 + _p: PhantomData<&'a mut T>, 17 + } 18 + 19 + // SAFETY: We cancel the timer when the handle is dropped. The implementation of 20 + // the `cancel` method will block if the timer handler is running. 21 + unsafe impl<'a, T> HrTimerHandle for PinMutHrTimerHandle<'a, T> 22 + where 23 + T: HasHrTimer<T>, 24 + { 25 + fn cancel(&mut self) -> bool { 26 + let self_ptr = self.inner.as_ptr(); 27 + 28 + // SAFETY: As we got `self_ptr` from a reference above, it must point to 29 + // a valid `T`. 30 + let timer_ptr = unsafe { <T as HasHrTimer<T>>::raw_get_timer(self_ptr) }; 31 + 32 + // SAFETY: As `timer_ptr` is derived from a reference, it must point to 33 + // a valid and initialized `HrTimer`. 34 + unsafe { HrTimer::<T>::raw_cancel(timer_ptr) } 35 + } 36 + } 37 + 38 + impl<'a, T> Drop for PinMutHrTimerHandle<'a, T> 39 + where 40 + T: HasHrTimer<T>, 41 + { 42 + fn drop(&mut self) { 43 + self.cancel(); 44 + } 45 + } 46 + 47 + // SAFETY: We capture the lifetime of `Self` when we create a 48 + // `PinMutHrTimerHandle`, so `Self` will outlive the handle. 49 + unsafe impl<'a, T> UnsafeHrTimerPointer for Pin<&'a mut T> 50 + where 51 + T: Send + Sync, 52 + T: HasHrTimer<T>, 53 + T: HrTimerCallback<Pointer<'a> = Self>, 54 + { 55 + type TimerHandle = PinMutHrTimerHandle<'a, T>; 56 + 57 + unsafe fn start(mut self, expires: Ktime) -> Self::TimerHandle { 58 + // SAFETY: 59 + // - We promise not to move out of `self`. We only pass `self` 60 + // back to the caller as a `Pin<&mut self>`. 61 + // - The return value of `get_unchecked_mut` is guaranteed not to be null. 62 + let self_ptr = unsafe { NonNull::new_unchecked(self.as_mut().get_unchecked_mut()) }; 63 + 64 + // SAFETY: 65 + // - As we derive `self_ptr` from a reference above, it must point to a 66 + // valid `T`. 67 + // - We keep `self` alive by wrapping it in a handle below. 68 + unsafe { T::start(self_ptr.as_ptr(), expires) }; 69 + 70 + PinMutHrTimerHandle { 71 + inner: self_ptr, 72 + _p: PhantomData, 73 + } 74 + } 75 + } 76 + 77 + impl<'a, T> RawHrTimerCallback for Pin<&'a mut T> 78 + where 79 + T: HasHrTimer<T>, 80 + T: HrTimerCallback<Pointer<'a> = Self>, 81 + { 82 + type CallbackTarget<'b> = Self; 83 + 84 + unsafe extern "C" fn run(ptr: *mut bindings::hrtimer) -> bindings::hrtimer_restart { 85 + // `HrTimer` is `repr(C)` 86 + let timer_ptr = ptr as *mut HrTimer<T>; 87 + 88 + // SAFETY: By the safety requirement of this function, `timer_ptr` 89 + // points to a `HrTimer<T>` contained in an `T`. 90 + let receiver_ptr = unsafe { T::timer_container_of(timer_ptr) }; 91 + 92 + // SAFETY: 93 + // - By the safety requirement of this function, `timer_ptr` 94 + // points to a `HrTimer<T>` contained in an `T`. 95 + // - As per the safety requirements of the trait `HrTimerHandle`, the 96 + // `PinMutHrTimerHandle` associated with this timer is guaranteed to 97 + // be alive until this method returns. That handle borrows the `T` 98 + // behind `receiver_ptr` mutably thus guaranteeing the validity of 99 + // the reference created below. 100 + let receiver_ref = unsafe { &mut *receiver_ptr }; 101 + 102 + // SAFETY: `receiver_ref` only exists as pinned, so it is safe to pin it 103 + // here. 104 + let receiver_pin = unsafe { Pin::new_unchecked(receiver_ref) }; 105 + 106 + T::run(receiver_pin).into_c() 107 + } 108 + }

+120

rust/kernel/time/hrtimer/tbox.rs

···

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + 3 + use super::HasHrTimer; 4 + use super::HrTimer; 5 + use super::HrTimerCallback; 6 + use super::HrTimerHandle; 7 + use super::HrTimerPointer; 8 + use super::RawHrTimerCallback; 9 + use crate::prelude::*; 10 + use crate::time::Ktime; 11 + use core::ptr::NonNull; 12 + 13 + /// A handle for a [`Box<HasHrTimer<T>>`] returned by a call to 14 + /// [`HrTimerPointer::start`]. 15 + /// 16 + /// # Invariants 17 + /// 18 + /// - `self.inner` comes from a `Box::into_raw` call. 19 + pub struct BoxHrTimerHandle<T, A> 20 + where 21 + T: HasHrTimer<T>, 22 + A: crate::alloc::Allocator, 23 + { 24 + pub(crate) inner: NonNull<T>, 25 + _p: core::marker::PhantomData<A>, 26 + } 27 + 28 + // SAFETY: We implement drop below, and we cancel the timer in the drop 29 + // implementation. 30 + unsafe impl<T, A> HrTimerHandle for BoxHrTimerHandle<T, A> 31 + where 32 + T: HasHrTimer<T>, 33 + A: crate::alloc::Allocator, 34 + { 35 + fn cancel(&mut self) -> bool { 36 + // SAFETY: As we obtained `self.inner` from a valid reference when we 37 + // created `self`, it must point to a valid `T`. 38 + let timer_ptr = unsafe { <T as HasHrTimer<T>>::raw_get_timer(self.inner.as_ptr()) }; 39 + 40 + // SAFETY: As `timer_ptr` points into `T` and `T` is valid, `timer_ptr` 41 + // must point to a valid `HrTimer` instance. 42 + unsafe { HrTimer::<T>::raw_cancel(timer_ptr) } 43 + } 44 + } 45 + 46 + impl<T, A> Drop for BoxHrTimerHandle<T, A> 47 + where 48 + T: HasHrTimer<T>, 49 + A: crate::alloc::Allocator, 50 + { 51 + fn drop(&mut self) { 52 + self.cancel(); 53 + // SAFETY: By type invariant, `self.inner` came from a `Box::into_raw` 54 + // call. 55 + drop(unsafe { Box::<T, A>::from_raw(self.inner.as_ptr()) }) 56 + } 57 + } 58 + 59 + impl<T, A> HrTimerPointer for Pin<Box<T, A>> 60 + where 61 + T: 'static, 62 + T: Send + Sync, 63 + T: HasHrTimer<T>, 64 + T: for<'a> HrTimerCallback<Pointer<'a> = Pin<Box<T, A>>>, 65 + A: crate::alloc::Allocator, 66 + { 67 + type TimerHandle = BoxHrTimerHandle<T, A>; 68 + 69 + fn start(self, expires: Ktime) -> Self::TimerHandle { 70 + // SAFETY: 71 + // - We will not move out of this box during timer callback (we pass an 72 + // immutable reference to the callback). 73 + // - `Box::into_raw` is guaranteed to return a valid pointer. 74 + let inner = 75 + unsafe { NonNull::new_unchecked(Box::into_raw(Pin::into_inner_unchecked(self))) }; 76 + 77 + // SAFETY: 78 + // - We keep `self` alive by wrapping it in a handle below. 79 + // - Since we generate the pointer passed to `start` from a valid 80 + // reference, it is a valid pointer. 81 + unsafe { T::start(inner.as_ptr(), expires) }; 82 + 83 + // INVARIANT: `inner` came from `Box::into_raw` above. 84 + BoxHrTimerHandle { 85 + inner, 86 + _p: core::marker::PhantomData, 87 + } 88 + } 89 + } 90 + 91 + impl<T, A> RawHrTimerCallback for Pin<Box<T, A>> 92 + where 93 + T: 'static, 94 + T: HasHrTimer<T>, 95 + T: for<'a> HrTimerCallback<Pointer<'a> = Pin<Box<T, A>>>, 96 + A: crate::alloc::Allocator, 97 + { 98 + type CallbackTarget<'a> = Pin<&'a mut T>; 99 + 100 + unsafe extern "C" fn run(ptr: *mut bindings::hrtimer) -> bindings::hrtimer_restart { 101 + // `HrTimer` is `repr(C)` 102 + let timer_ptr = ptr.cast::<super::HrTimer<T>>(); 103 + 104 + // SAFETY: By C API contract `ptr` is the pointer we passed when 105 + // queuing the timer, so it is a `HrTimer<T>` embedded in a `T`. 106 + let data_ptr = unsafe { T::timer_container_of(timer_ptr) }; 107 + 108 + // SAFETY: 109 + // - As per the safety requirements of the trait `HrTimerHandle`, the 110 + // `BoxHrTimerHandle` associated with this timer is guaranteed to 111 + // be alive until this method returns. That handle owns the `T` 112 + // behind `data_ptr` thus guaranteeing the validity of 113 + // the reference created below. 114 + // - As `data_ptr` comes from a `Pin<Box<T>>`, only pinned references to 115 + // `data_ptr` exist. 116 + let data_mut_ref = unsafe { Pin::new_unchecked(&mut *data_ptr) }; 117 + 118 + T::run(data_mut_ref).into_c() 119 + } 120 + }