xnu-3247.1.106.tar.gz

[apple/xnu.git] / osfmk / x86_64 / copyio.c

diff --git a/osfmk/x86_64/copyio.c b/osfmk/x86_64/copyio.c
index 66a4dd7ac8e86b49671827af5c931aa60269feeb..20e246b6e8e32132abd52afef510f755c38c2052 100644 (file)
--- a/osfmk/x86_64/copyio.c
+++ b/osfmk/x86_64/copyio.c
@@ -44,6 +44,16 @@
 static int copyio(int, user_addr_t, char *, vm_size_t, vm_size_t *, int);
 static int copyio_phys(addr64_t, addr64_t, vm_size_t, int);
 
+/*
+ * Copy sizes bigger than this value will cause a kernel panic.
+ *
+ * Yes, this is an arbitrary fixed limit, but it's almost certainly
+ * a programming error to be copying more than this amount between
+ * user and wired kernel memory in a single invocation on this
+ * platform.
+ */
+#define COPYSIZELIMIT_PANIC     (64*MB)
+
 /*
  * The copy engine has the following characteristics
  *   - copyio() handles copies to/from user or kernel space
@@ -144,6 +154,8 @@ copyio(int copy_type, user_addr_t user_addr, char *kernel_addr,
        debug_type += (copy_type << 2);
 #endif
 
+       assert(nbytes < COPYSIZELIMIT_PANIC);
+
        thread = current_thread();
 
        KERNEL_DEBUG(debug_type | DBG_FUNC_START,