Trusted Applications use a popular approach to determine the required size of a buffer: the client provides a memory reference with a NULL pointer to a buffer. This is the so-called "Null memory reference". The TA updates the reference with the required size and returns it back to the client. Then the client allocates a buffer of the needed size and repeats the operation.
This behavior is described in TEE Client API Specification, paragraph 3.2.5. Memory References. OP-TEE represents this null memory reference as a TMEM parameter with buf_ptr == NULL. This is the only case when we should allow TMEM buffer without the OPTEE_MSG_ATTR_NONCONTIG flag. Signed-off-by: Volodymyr Babchuk <volodymyr_babc...@epam.com> --- xen/arch/arm/tee/optee.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c index af19fc31f8..fb7d491b25 100644 --- a/xen/arch/arm/tee/optee.c +++ b/xen/arch/arm/tee/optee.c @@ -865,9 +865,12 @@ static int translate_params(struct optee_domain *ctx, } else { - gdprintk(XENLOG_WARNING, "Guest tries to use old tmem arg\n"); - ret = -EINVAL; - goto out; + if ( call->xen_arg->params[i].u.tmem.buf_ptr ) + { + gdprintk(XENLOG_WARNING, "Guest tries to use old tmem arg\n"); + ret = -EINVAL; + goto out; + } } break; case OPTEE_MSG_ATTR_TYPE_NONE:
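Review bot: In the `else` branch of translate_params(), the new NULL `buf_ptr` case is accepted silently, with no comment explaining why a TMEM parameter without OPTEE_MSG_ATTR_NONCONTIG is let through and no check on the rest of the tmem argument. Please add a short comment at that spot naming the null memory reference case from the commit message, and confirm that the remaining fields of `params[i].u.tmem` are safe to pass on unchanged when `buf_ptr` is NULL, since this path now reaches `break` without touching them. The nested block could also be flattened to `else if ( call->xen_arg->params[i].u.tmem.buf_ptr )`, which removes one level of indentation and keeps the rejection path next to its condition.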