Trusted Applications use a popular approach to determine the required
size of a buffer: the client provides a memory reference with a NULL
pointer to a buffer. This is the so-called "Null memory reference". The
TA updates the reference with the required size and returns it back to
the client. Then the client allocates a buffer of the needed size and
repeats the operation.

This behavior is described in the TEE Client API Specification,
paragraph 3.2.5. Memory References.

OP-TEE represents this null memory reference as a TMEM parameter with
buf_ptr == NULL. This is the only case when we should allow a TMEM
buffer without the OPTEE_MSG_ATTR_NONCONTIG flag.

Signed-off-by: Volodymyr Babchuk <volodymyr_babc...@epam.com>
---
 xen/arch/arm/tee/optee.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c
index af19fc31f8..fb7d491b25 100644
--- a/xen/arch/arm/tee/optee.c
+++ b/xen/arch/arm/tee/optee.c
@@ -865,9 +865,12 @@ static int translate_params(struct optee_domain
*ctx,
             }
             else
             {
-                gdprintk(XENLOG_WARNING, "Guest tries to use old tmem
arg\n");
-                ret = -EINVAL;
-                goto out;
+                if ( call->xen_arg->params[i].u.tmem.buf_ptr )
+                {
+                    gdprintk(XENLOG_WARNING, "Guest tries to use old
tmem arg\n");
+                    ret = -EINVAL;
+                    goto out;
+                }
             }
             break;
         case OPTEE_MSG_ATTR_TYPE_NONE:
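
Review bot: The new check in the else branch of translate_params() accepts a TMEM parameter without OPTEE_MSG_ATTR_NONCONTIG whenever buf_ptr is NULL, but nothing in the code says why; the rationale (a null memory reference used to query the required buffer size) exists only in the commit message. A short comment above the check would keep this exception from looking like an oversight to a later reader. The test could also be folded into the branch as `else if ( call->xen_arg->params[i].u.tmem.buf_ptr )` to drop the extra nesting level. Only buf_ptr is examined in the visible lines, so it would help to state, in the comment or the commit message, whether the remaining fields of the tmem parameter need any validation in the NULL case.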
