|SUCCESS| net/ark: fix unsafe env variable in extension loading

[dpdklab at iol.unh.edu]

Test-Label: ai-code-review
Test-Status: SUCCESS
https://dpdk.org/patch/164872

_AI Code Review_

=== Patch Review: series.patch (via Claude) ===
Review date: 2026-06-03

Review of patch fixing unsafe environment variable in ARK driver extension loading:

commit: (from patchwork, ID 164872)
Author: Denis Sergeev <denserg.edu at gmail.com>

net/ark: fix unsafe env variable in extension loading

The patch adds privilege checks before trusting the ARK_EXT_PATH
environment variable to prevent potential privilege escalation in
setuid/setgid scenarios.

> diff --git a/drivers/net/ark/ark_ethdev.c b/drivers/net/ark/ark_ethdev.c
> index 8b25ed948f..e25478103b 100644
> --- a/drivers/net/ark/ark_ethdev.c
> +++ b/drivers/net/ark/ark_ethdev.c
> @@ -211,9 +211,19 @@ static int
>  check_for_ext(struct ark_adapter *ark)
>  {
>  	int found = 0;
> +	const char *dllpath;
> +
> +	/*
> +	 * A basic security check is necessary before trusting
> +	 * ARK_EXT_PATH environment variable.
> +	 */
> +	if (geteuid() != getuid() || getegid() != getgid()) {
> +		ARK_PMD_LOG(DEBUG, "EXT ignoring ARK_EXT_PATH under setuid/setgid\n");

The log message contains a trailing newline character, but according to
the DPDK logging conventions, the newline should not be included as it is
automatically added by the logging framework. Does this duplicate newline
affect log formatting?

> +		return 0;
> +	}
>  
>  	/* Get the env */
> -	const char *dllpath = getenv("ARK_EXT_PATH");
> +	dllpath = getenv("ARK_EXT_PATH");
>  
>  	if (dllpath == NULL) {
>  		ARK_PMD_LOG(DEBUG, "EXT NO dll path specified\n");

The coding style requires declarations to be at the start of the block,
which has been properly addressed by moving the dllpath declaration. The
security check logic follows the same pattern used in mlx5, which is
appropriate for consistency.