From: Ian Rogers <irogers@xxxxxxxxxx> [ Upstream commit 1e6f5dcc1b9ec9068f5d38331cec38b35498edf5 ] The bpf_caps array is shorter without CAP_BPF, avoid out of bounds reads if this isn't defined. Working around this avoids -Wno-array-bounds with clang. Signed-off-by: Ian Rogers <irogers@xxxxxxxxxx> Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx> Reviewed-by: Tobias Klauser <tklauser@xxxxxxxxxx> Acked-by: Andrii Nakryiko <andrii@xxxxxxxxxx> Link: https://lore.kernel.org/bpf/20201027233646.3434896-1-irogers@xxxxxxxxxx Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> --- tools/bpf/bpftool/feature.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/bpf/bpftool/feature.c b/tools/bpf/bpftool/feature.c index a43a6f10b564c..359960a8f1def 100644 --- a/tools/bpf/bpftool/feature.c +++ b/tools/bpf/bpftool/feature.c @@ -843,9 +843,14 @@ static int handle_perms(void) else p_err("missing %s%s%s%s%s%s%s%srequired for full feature probing; run as root or use 'unprivileged'", capability_msg(bpf_caps, 0), +#ifdef CAP_BPF capability_msg(bpf_caps, 1), capability_msg(bpf_caps, 2), - capability_msg(bpf_caps, 3)); + capability_msg(bpf_caps, 3) +#else + "", "", "", "", "", "" +#endif /* CAP_BPF */ + ); goto exit_free; } -- 2.27.0
