X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/c18c124eaa464aaaa5549e99e5a70fc9cbb50944..3e170ce000f1506b7b5d2c5c7faec85ceabb573d:/osfmk/x86_64/copyio.c
diff --git a/osfmk/x86_64/copyio.c b/osfmk/x86_64/copyio.c
index 66a4dd7ac..20e246b6e 100644
--- a/osfmk/x86_64/copyio.c
+++ b/osfmk/x86_64/copyio.c
@@ -44,6 +44,16 @@
 static int copyio(int, user_addr_t, char *, vm_size_t, vm_size_t *, int);
 static int copyio_phys(addr64_t, addr64_t, vm_size_t, int);
 
+/*
+ * Copy sizes bigger than this value will cause a kernel panic.
+ *
+ * Yes, this is an arbitrary fixed limit, but it's almost certainly
+ * a programming error to be copying more than this amount between
+ * user and wired kernel memory in a single invocation on this
+ * platform.
+ */
+#define COPYSIZELIMIT_PANIC (64*MB)
+
 /*
  * The copy engine has the following characteristics
  *  - copyio() handles copies to/from user or kernel space
@@ -144,6 +154,8 @@ copyio(int copy_type, user_addr_t user_addr, char *kernel_addr,
  debug_type += (copy_type << 2);
 #endif
 
+ assert(nbytes < COPYSIZELIMIT_PANIC);
+
  thread = current_thread();
 
  KERNEL_DEBUG(debug_type | DBG_FUNC_START,
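Review bot: The comment introduced with `COPYSIZELIMIT_PANIC` promises that oversized copies "will cause a kernel panic", but the only enforcement this commit adds (second hunk) is an `assert()`, which in XNU is compiled out of builds without MACH_ASSERT, so a release kernel gets no check at all and the macro's name overstates what it does. Either reword the comment to match the actual behaviour — e.g. `* Copy sizes at or above this value trip an assert() in builds with MACH_ASSERT; release kernels do not enforce it.` — or, if a hard limit is really intended, back it with an explicit `panic()` rather than `assert()`. The comment also says "bigger than" while the check in the other hunk rejects `nbytes == COPYSIZELIMIT_PANIC`; the two should agree. `MB` is defined outside this hunk, so the exact byte value cannot be confirmed from here.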
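Review bot: `assert(nbytes < COPYSIZELIMIT_PANIC);` fires for `nbytes == COPYSIZELIMIT_PANIC`, a size the macro's own comment ("bigger than this value") describes as allowed; if the boundary is meant to be exclusive use `assert(nbytes <= COPYSIZELIMIT_PANIC);`, otherwise fix the comment. Since `assert()` is a no-op in non-MACH_ASSERT kernels, this line adds no protection in production, and in debug kernels it turns any caller that forwards an unbounded, user-controlled length into a panic rather than a recoverable error — presumably every copyin/copyout caller clamps `nbytes` first, but that is worth confirming before relying on this as a safety net. The body of copyio() continues outside this hunk, so I cannot see whether an earlier size check already covers this case or whether the assert should sit after the existing argument validation.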