On Thu, 2019-10-03 at 21:51 +0300, Jarkko Sakkinen wrote: > As has been seen recently, binding the buffer allocation and tpm_buf > together is sometimes far from optimal. Can you elaborate on this a bit more? I must have missed the discussion. > The buffer might come from the caller namely when tpm_send() is used > by another subsystem. In addition we can stability in call sites w/o > rollback (e.g. power events)> > > Take allocation out of the tpm_buf framework and make it purely a > wrapper for the data buffer. What you're doing here is taking a single object with a single lifetime and creating two separate objects with separate lifetimes and a dependency. The problem with doing that is that it always creates subtle and hard to debug corner cases where the dependency gets violated, so it's usually better to simplify the object lifetimes by reducing the dependencies and combining as many dependent objects as possible into a single object with one lifetime. Bucking this trend for a good reason is OK, but I think a better reason than "is sometimes far from optimal" is needed. James
