Generally, you don't wish to keep a pointer that is passed this way. It is better to pass a buffer index and copy it in the monitor portion. If the normal OS resumes, the pointed to memory may change and this can result in various overflows and condition checks being avoided.
For this reason, it is often better to pass information by value if possible. If you must pass buffers, it is best to use some lock free structures in memory shared between the normal and secure world. The buffer is fixed and indexed. The SMC call is done to make the secure world aware of the state change. It copies the buffers and updates the structure in shared memory to say it is free. The buffer is then validated in the private copy and acted on.
Generally, acting on a normal world address is not a good idea. This is very error prone and should be avoided. This is why micro-kernels use message passing which copies buffers all the time.