|SUCCESS| [v2] net/ark: fix unsafe env variable in extension loading

[dpdklab at iol.unh.edu]

Test-Label: ai-code-review
Test-Status: SUCCESS
https://dpdk.org/patch/164874

_AI Code Review_

=== Patch Review: series.patch (via Claude) ===
Review date: 2026-06-03

commit: e25478103b
Author: Denis Sergeev <denserg.edu at gmail.com>
Subject: [PATCH v2] net/ark: fix unsafe env variable in extension loading

This patch adds privilege checking before trusting the ARK_EXT_PATH
environment variable during dynamic library loading.

> diff --git a/drivers/net/ark/ark_ethdev.c b/drivers/net/ark/ark_ethdev.c
> index 8b25ed948f..e25478103b 100644
> --- a/drivers/net/ark/ark_ethdev.c
> +++ b/drivers/net/ark/ark_ethdev.c
> @@ -211,9 +211,19 @@ static int
>  check_for_ext(struct ark_adapter *ark)
>  {
>  	int found = 0;
> +	const char *dllpath;
> +
> +	/*
> +	 * A basic security check is necessary before trusting
> +	 * ARK_EXT_PATH environment variable.
> +	 */
> +	if (geteuid() != getuid() || getegid() != getgid()) {
> +		ARK_PMD_LOG(DEBUG, "EXT ignoring ARK_EXT_PATH under setuid/setgid\n");

The debug message ends with '\n' but ARK_PMD_LOG may already append a
newline. Does this result in a double newline in the log output?

> +		return 0;
> +	}
>  
>  	/* Get the env */
> -	const char *dllpath = getenv("ARK_EXT_PATH");
> +	dllpath = getenv("ARK_EXT_PATH");

The variable declaration was moved outside the "Get the env" section but
remains functionally correct. However, in DPDK coding style, declarations
typically remain together unless there's a clear reason to separate them.
Is there a specific reason the declaration is now separate from its
initialization via getenv?