Input: document and check on implicitly defined FF_MAX_EFFECTS
There is an undocumented upper bound for the total number of ff effects:
FF_GAIN (= 96).
This can be found as follows:
- user: write(EV_FF, effect_id, iterations)
calls kernel: ff->playback(effect_id, ...): starts effect "effect_id"
- user: write(EV_FF, FF_GAIN, gain)
calls kernel: ff->set_gain(gain, ...): sets gain
A collision occurs when effect_id equals FF_GAIN.
According to input_ff_event(),
FF_GAIN is the smallest value where a collision occurs.
Therefore the greatest safe value for effect_id is FF_GAIN - 1,
and thus the total number of effects should never exceed FF_GAIN.
Define FF_MAX_EFFECTS as FF_GAIN and check on this limit in ff-core.
Signed-off-by: Elias Vanderstuyft <elias.vds@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>diff --git a/drivers/input/ff-core.c b/drivers/input/ff-core.c
index eab56c0..8f20424 100644
--- a/drivers/input/ff-core.c
+++ b/drivers/input/ff-core.c
@@ -318,6 +318,11 @@
return -EINVAL;
}
+ if (max_effects > FF_MAX_EFFECTS) {
+ dev_err(&dev->dev, "cannot allocate more than FF_MAX_EFFECTS effects\n");
+ return -EINVAL;
+ }
+
ff_dev_size = sizeof(struct ff_device) +
max_effects * sizeof(struct file *);
if (ff_dev_size < max_effects) /* overflow */