On Fri, Oct 04, 2019 at 09:37:42AM -0700, James Bottomley wrote: > On Thu, 2019-10-03 at 21:51 +0300, Jarkko Sakkinen wrote: > > As has been seen recently, binding the buffer allocation and tpm_buf > > together is sometimes far from optimal. > > Can you elaborate on this a bit more? I must have missed the > discussion. > > > The buffer might come from the caller namely when tpm_send() is used > > by another subsystem. In addition we can stability in call sites w/o > > rollback (e.g. power events)> > > > > Take allocation out of the tpm_buf framework and make it purely a > > wrapper for the data buffer. > > What you're doing here is taking a single object with a single lifetime > and creating two separate objects with separate lifetimes and a > dependency. The problem with doing that is that it always creates > subtle and hard to debug corner cases where the dependency gets > violated, so it's usually better to simplify the object lifetimes by > reducing the dependencies and combining as many dependent objects as > possible into a single object with one lifetime. Bucking this trend > for a good reason is OK, but I think a better reason than "is sometimes > far from optimal" is needed. Right, I see your point. We can just say instead in a comment that tpm_buf_init() is optional if you need to allocate the buffer and do not provide your own. Thanks for the remark. I have to agree with this. /Jarkko
