From: Andreas Hindborg <a.hindborg@kernel.org>
To: "Benno Lossin" <benno.lossin@proton.me>
Cc: "Miguel Ojeda" <ojeda@kernel.org>,
"Anna-Maria Behnsen" <anna-maria@linutronix.de>,
"Frederic Weisbecker" <frederic@kernel.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Danilo Krummrich" <dakr@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Lyude Paul" <lyude@redhat.com>,
"Guangbo Cui" <2407018371@qq.com>,
"Dirk Behme" <dirk.behme@gmail.com>,
"Daniel Almeida" <daniel.almeida@collabora.com>,
"Tamir Duberstein" <tamird@gmail.com>,
"Markus Elfring" <Markus.Elfring@web.de>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v10 07/13] rust: hrtimer: implement `UnsafeHrTimerPointer` for `Pin<&T>`
Date: Fri, 07 Mar 2025 14:37:35 +0100
Message-ID: <87msdx3qsg.fsf@kernel.org>
In-Reply-To: <D8A25UNDIJHK.216EX6YG4EJ6E@proton.me> (Benno Lossin's message of "Fri, 07 Mar 2025 13:12:01 +0000")

"Benno Lossin" <benno.lossin@proton.me> writes:

> On Fri Mar 7, 2025 at 11:11 AM CET, Andreas Hindborg wrote:
>> Allow pinned references to structs that contain a `HrTimer` node to be
>> scheduled with the `hrtimer` subsystem.
>>
>> Acked-by: Frederic Weisbecker <frederic@kernel.org>
>> Reviewed-by: Lyude Paul <lyude@redhat.com>
>> Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
>> ---
>> rust/kernel/time/hrtimer.rs | 2 +
>> rust/kernel/time/hrtimer/pin.rs | 99 +++++++++++++++++++++++++++++++++++++++++
>> 2 files changed, 101 insertions(+)
>>
>> diff --git a/rust/kernel/time/hrtimer.rs b/rust/kernel/time/hrtimer.rs
>> index d90a25785f87..2ca56397eade 100644
>> --- a/rust/kernel/time/hrtimer.rs
>> +++ b/rust/kernel/time/hrtimer.rs
>> @@ -439,3 +439,5 @@ unsafe fn timer_container_of(ptr: *mut $crate::time::hrtimer::HrTimer<$timer_typ
>>
>> mod arc;
>> pub use arc::ArcHrTimerHandle;
>> +mod pin;
>> +pub use pin::PinHrTimerHandle;
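
Review bot: `mod pin;` is added directly under `pub use arc::ArcHrTimerHandle;` with no separating blank line, so the `arc` and `pin` declarations read as one block. A blank line between the two `mod`/`pub use` pairs would keep each module and its re-export visually grouped.
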
>> diff --git a/rust/kernel/time/hrtimer/pin.rs b/rust/kernel/time/hrtimer/pin.rs
>> new file mode 100644
>> index 000000000000..6c9f2190f8e1
>> --- /dev/null
>> +++ b/rust/kernel/time/hrtimer/pin.rs
>> @@ -0,0 +1,99 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +
>> +use super::HasHrTimer;
>> +use super::HrTimer;
>> +use super::HrTimerCallback;
>> +use super::HrTimerHandle;
>> +use super::RawHrTimerCallback;
>> +use super::UnsafeHrTimerPointer;
>> +use crate::time::Ktime;
>> +use core::pin::Pin;
>> +
>> +/// A handle for a `Pin<&HasHrTimer>`. When the handle exists, the timer might be
>> +/// running.
>> +pub struct PinHrTimerHandle<'a, T>
>> +where
>> + T: HasHrTimer<T>,
>> +{
>> + pub(crate) inner: Pin<&'a T>,
>> +}
>> +
>> +// SAFETY: We cancel the timer when the handle is dropped. The implementation of
>> +// the `cancel` method will block if the timer handler is running.
>> +unsafe impl<'a, T> HrTimerHandle for PinHrTimerHandle<'a, T>
>> +where
>> + T: HasHrTimer<T>,
>> +{
>> + fn cancel(&mut self) -> bool {
>> + let self_ptr: *const T = self.inner.get_ref();
>> +
>> + // SAFETY: As we got `self_ptr` from a reference above, it must point to
>> + // a valid `T`.
>> + let timer_ptr = unsafe { <T as HasHrTimer<T>>::raw_get_timer(self_ptr) };
>> +
>> + // SAFETY: As `timer_ptr` is derived from a reference, it must point to
>> + // a valid and initialized `HrTimer`.
>> + unsafe { HrTimer::<T>::raw_cancel(timer_ptr) }
>> + }
>> +}
>> +
>> +impl<'a, T> Drop for PinHrTimerHandle<'a, T>
>> +where
>> + T: HasHrTimer<T>,
>> +{
>> + fn drop(&mut self) {
>> + self.cancel();
>> + }
>> +}
>> +
>> +// SAFETY: We capture the lifetime of `Self` when we create a `PinHrTimerHandle`,
>> +// so `Self` will outlive the handle.
>> +unsafe impl<'a, T> UnsafeHrTimerPointer for Pin<&'a T>
>> +where
>> + T: Send + Sync,
>> + T: HasHrTimer<T>,
>> + T: HrTimerCallback<Pointer<'a> = Self>,
>> + Pin<&'a T>: RawHrTimerCallback<CallbackTarget<'a> = Self>,
>> +{
>> + type TimerHandle = PinHrTimerHandle<'a, T>;
>> +
>> + unsafe fn start(self, expires: Ktime) -> Self::TimerHandle {
>> + // Cast to pointer
>> + let self_ptr: *const T = <Self as core::ops::Deref>::deref(&self);
>
> Why use deref? `get_ref` seems much cleaner.

Sure.

>
>> +
>> + // SAFETY:
>> + // - As we derive `self_ptr` from a reference above, it must point to a
>> + // valid `T`.
>> + // - We keep `self` alive by wrapping it in a handle below.
>> + unsafe { T::start(self_ptr, expires) };
>> +
>> + PinHrTimerHandle { inner: self }
>> + }
>> +}
>> +
>> +impl<'a, T> RawHrTimerCallback for Pin<&'a T>
>> +where
>> + T: HasHrTimer<T>,
>> + T: HrTimerCallback<Pointer<'a> = Self>,
>> +{
>> + type CallbackTarget<'b> = Self;
>> +
>> + unsafe extern "C" fn run(ptr: *mut bindings::hrtimer) -> bindings::hrtimer_restart {
>> + // `HrTimer` is `repr(C)`
>> + let timer_ptr = ptr as *mut HrTimer<T>;
>> +
>> + // SAFETY: By the safety requirement of this function, `timer_ptr`
>> + // points to a `HrTimer<T>` contained in an `T`.
>> + let receiver_ptr = unsafe { T::timer_container_of(timer_ptr) };
>> +
>> + // SAFETY: By the safety requirement of this function, `timer_ptr`
>> + // points to a `HrTimer<T>` contained in an `T`.
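
Review bot: In `start`, the second bullet of the SAFETY comment above `unsafe { T::start(self_ptr, expires) }` says the handle keeps `self` alive, but `PinHrTimerHandle` only stores a `Pin<&'a T>`, which does not own `T`. What the visible code relies on is the `'a` borrow held by the handle together with `Drop` calling `cancel()`, and that only holds if the handle is actually dropped; suggest wording the bullet that way and tying it to the caller obligation that makes `start` an `unsafe fn`. Separately, in `run`, `ptr as *mut HrTimer<T>` could be written `ptr.cast::<HrTimer<T>>()`, which cannot silently change the pointer's mutability.
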
>
> This justification seems wrong, it talks about `HrTimer<T>`, but here we
> have a `*const T`... Also see [1] (I am mainly interested in your
> justification for the lifetime).
>
> [1]: https://doc.rust-lang.org/std/ptr/index.html#pointer-to-reference-conversion

How is this:

        // SAFETY:
        //  - By the safety requirement of this function, `timer_ptr`
        //    points to a `HrTimer<T>` contained in an `T`.
        //  - The `PinHrTimerHandle` associated with this timer is guaranteed to
        //    be alive until this method returns. As the handle borrows from
        //    `T`, `T` is also guaranteed to be alive for the duration of this
        //    function.


Best regards,
Andreas Hindborg