jamesmunns / bbqueue

A SPSC, lockless, no_std, thread safe, queue, based on BipBuffers


Dropping grant objects makes the queue unusable

jonas-schievink opened this issue · comments

It's very easy to accidentally drop a grant on the floor instead of consuming it with commit or release. If this happens, the grant's reservation will stay in place and effectively lock up the queue, since no further grant of that type can be made. It would be nice to prevent this. I can see several options to do that:

  • Add an impl Drop for Grant* which unconditionally panics (commit and release can call mem::forget to "defuse" the grant) - this effectively makes the usage error show up much earlier, but doesn't prevent it
  • Make grants GrantX<'a> and give them a mutable reference to the consumer/producer or queue they came from; Have them call release(self.len(), self) or commit(self.len(), self) on drop by default
  • Write an RFC to add real linear types to Rust, implement it, stabilize it and use it here (this is clearly the simplest option)

I was just looking into this a bit. About your point 2: it seems quite good, but it would not allow for the grant to be given to an ISR driver (and wait for DMA to finish).
I think option 1 is best for now, but maybe more ideas have come up since March?

This should be addressed in v0.4.0, as the grants now implement Drop. However, I have chosen to implement this as committing 0 bytes, as we can't be sure how many bytes the user wanted to commit, so none is the safest option.

See #37 for tracking progress on this.
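The pattern the thread settles on (a `Drop` impl that releases the reservation while committing nothing, with `commit` calling `mem::forget` to defuse it), as an added example that is not bbqueue's own code: the `Producer`/`GrantW`/`GrantInProgress` types below are hypothetical and track a single write reservation rather than a real bip-buffer.

```rust
// Added example modelling the grant/Drop pattern from this issue; hypothetical
// types, not bbqueue's code. Tracks one write reservation, not a real bip-buffer.
use std::mem;
use std::sync::atomic::{AtomicBool, AtomicUsize, Ordering};

pub struct Producer {
    reserved: AtomicBool,   // is a write grant outstanding?
    committed: AtomicUsize, // bytes published so far
}

pub struct GrantW<'a> { prod: &'a Producer, len: usize }

#[derive(Debug, PartialEq)]
pub struct GrantInProgress;

impl Producer {
    pub fn new() -> Self { Producer { reserved: AtomicBool::new(false), committed: AtomicUsize::new(0) } }
    /// Reserve `len` bytes; fails while another grant is outstanding.
    pub fn grant(&self, len: usize) -> Result<GrantW<'_>, GrantInProgress> {
        self.reserved
            .compare_exchange(false, true, Ordering::AcqRel, Ordering::Acquire)
            .map(|_| GrantW { prod: self, len })
            .map_err(|_| GrantInProgress)
    }
    pub fn committed(&self) -> usize { self.committed.load(Ordering::Acquire) }
}

impl<'a> GrantW<'a> {
    /// Publish `used` bytes and release the reservation; `forget` defuses Drop.
    pub fn commit(self, used: usize) {
        self.prod.committed.fetch_add(used.min(self.len), Ordering::AcqRel);
        self.prod.reserved.store(false, Ordering::Release);
        mem::forget(self);
    }
}

impl<'a> Drop for GrantW<'a> {
    // v0.4.0 behaviour: a dropped grant commits 0 bytes, so the queue stays usable.
    fn drop(&mut self) { self.prod.reserved.store(false, Ordering::Release); }
}

/// Returns (grant succeeded after a plain drop, bytes published after commit(3)).
pub fn demo() -> (bool, usize) {
    let prod = Producer::new();
    { let _g = prod.grant(8).expect("first grant"); } // dropped, never committed
    let ok_after_drop = prod.grant(8).is_ok(); // temporary grant dropped here too
    prod.grant(8).expect("grant").commit(3);
    (ok_after_drop, prod.committed())
}
```

Note that `Drop` only helps for grants that are actually dropped: a grant leaked with `mem::forget` (or handed to an ISR that never commits it) still holds the reservation and blocks further grants.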