DPDK-dev Archive on lore.kernel.org
* [PATCH] net/ark: fix unsafe env variable in extension loading
@ 2026-06-03  5:26 Denis Sergeev
  2026-06-03  5:32 ` [PATCH v2] " Denis Sergeev
  2026-06-03 15:30 ` [PATCH] " Stephen Hemminger
  0 siblings, 2 replies; 3+ messages in thread
From: Denis Sergeev @ 2026-06-03  5:26 UTC
  To: dev; +Cc: shepard.siegel, ed.czeck, john.miller, stable, sdl.dpdk,
	Denis Sergeev

The ARK_EXT_PATH environment variable is passed to dlopen without
verifying process privileges. In a setuid/setgid scenario, this
could allow loading an arbitrary shared library with elevated
privileges.

Add a check that effective user/group IDs match real IDs before
trusting the environment variable, consistent with the same
protection already present in the mlx5 driver.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 727b3fe292 ("net/ark: integrate PMD")
Cc: stable@dpdk.org

Signed-off-by: Denis Sergeev <denserg.edu@gmail.com>
---
 drivers/net/ark/ark_ethdev.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ark/ark_ethdev.c b/drivers/net/ark/ark_ethdev.c
index 8b25ed948f..e25478103b 100644
--- a/drivers/net/ark/ark_ethdev.c
+++ b/drivers/net/ark/ark_ethdev.c
@@ -211,9 +211,19 @@ static int
 check_for_ext(struct ark_adapter *ark)
 {
 	int found = 0;
+	const char *dllpath;
+
+	/*
+	 * A basic security check is necessary before trusting
+	 * ARK_EXT_PATH environment variable.
+	 */
+	if (geteuid() != getuid() || getegid() != getgid()) {
+		ARK_PMD_LOG(DEBUG, "EXT ignoring ARK_EXT_PATH under setuid/setgid\n");
+		return 0;
+	}
 
 	/* Get the env */
-	const char *dllpath = getenv("ARK_EXT_PATH");
+	dllpath = getenv("ARK_EXT_PATH");
 
 	if (dllpath == NULL) {
 		ARK_PMD_LOG(DEBUG, "EXT NO dll path specified\n");
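
Review bot: the guard added at the top of check_for_ext(), `geteuid() != getuid() || getegid() != getgid()`, only detects setuid/setgid execution; a binary that gets its privileges from file capabilities runs with real and effective IDs equal and passes this test. On glibc, secure_getenv("ARK_EXT_PATH") or a getauxval(AT_SECURE) test covers setuid, setgid and file capabilities in one place, and with secure_getenv the existing one-line `const char *dllpath = getenv(...)` declaration would not need to be split. If the ID comparison is kept to match mlx5, the comment above it should say which cases it does not cover instead of calling it "a basic security check".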
-- 
2.50.1



* [PATCH v2] net/ark: fix unsafe env variable in extension loading
  2026-06-03  5:26 [PATCH] net/ark: fix unsafe env variable in extension loading Denis Sergeev
@ 2026-06-03  5:32 ` Denis Sergeev
  2026-06-03 15:30 ` [PATCH] " Stephen Hemminger
  1 sibling, 0 replies; 3+ messages in thread
From: Denis Sergeev @ 2026-06-03  5:32 UTC
  To: dev; +Cc: shepard.siegel, ed.czeck, john.miller, stable, sdl.dpdk,
	Denis Sergeev

The ARK_EXT_PATH environment variable is passed to dlopen without
verifying process privileges. In a setuid/setgid scenario, this
could allow loading an arbitrary shared library with elevated
privileges.

Add a check that effective user/group IDs match real IDs before
trusting the environment variable, consistent with the same
protection already present in the mlx5 driver.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 727b3fe292bc ("net/ark: integrate PMD")
Cc: stable@dpdk.org

Signed-off-by: Denis Sergeev <denserg.edu@gmail.com>
---
v2:
  * Fix Fixes: tag to use 12-char sha1 (checkpatch BAD_FIXES_TAG)

 drivers/net/ark/ark_ethdev.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ark/ark_ethdev.c b/drivers/net/ark/ark_ethdev.c
index 8b25ed948f..e25478103b 100644
--- a/drivers/net/ark/ark_ethdev.c
+++ b/drivers/net/ark/ark_ethdev.c
@@ -211,9 +211,19 @@ static int
 check_for_ext(struct ark_adapter *ark)
 {
 	int found = 0;
+	const char *dllpath;
+
+	/*
+	 * A basic security check is necessary before trusting
+	 * ARK_EXT_PATH environment variable.
+	 */
+	if (geteuid() != getuid() || getegid() != getgid()) {
+		ARK_PMD_LOG(DEBUG, "EXT ignoring ARK_EXT_PATH under setuid/setgid\n");
+		return 0;
+	}
 
 	/* Get the env */
-	const char *dllpath = getenv("ARK_EXT_PATH");
+	dllpath = getenv("ARK_EXT_PATH");
 
 	if (dllpath == NULL) {
 		ARK_PMD_LOG(DEBUG, "EXT NO dll path specified\n");
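
Review bot: the privilege check sits before `dllpath = getenv("ARK_EXT_PATH")`, so under setuid/setgid the "EXT ignoring ARK_EXT_PATH" message is logged and the function returns even when the variable is not set and nothing is actually being ignored. Reading the variable first and applying the ID check only when dllpath is non-NULL keeps the log accurate and lets the existing "EXT NO dll path specified" branch handle the unset case in every mode.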
-- 
2.50.1



* Re: [PATCH] net/ark: fix unsafe env variable in extension loading
  2026-06-03  5:26 [PATCH] net/ark: fix unsafe env variable in extension loading Denis Sergeev
  2026-06-03  5:32 ` [PATCH v2] " Denis Sergeev
@ 2026-06-03 15:30 ` Stephen Hemminger
  1 sibling, 0 replies; 3+ messages in thread
From: Stephen Hemminger @ 2026-06-03 15:30 UTC
  To: Denis Sergeev
  Cc: dev, shepard.siegel, ed.czeck, john.miller, stable, sdl.dpdk

On Wed,  3 Jun 2026 08:26:00 +0300
Denis Sergeev <denserg.edu@gmail.com> wrote:

> diff --git a/drivers/net/ark/ark_ethdev.c b/drivers/net/ark/ark_ethdev.c
> index 8b25ed948f..e25478103b 100644
> --- a/drivers/net/ark/ark_ethdev.c
> +++ b/drivers/net/ark/ark_ethdev.c
> @@ -211,9 +211,19 @@ static int
>  check_for_ext(struct ark_adapter *ark)
>  {
>  	int found = 0;
> +	const char *dllpath;
> +
> +	/*
> +	 * A basic security check is necessary before trusting
> +	 * ARK_EXT_PATH environment variable.
> +	 */
> +	if (geteuid() != getuid() || getegid() != getgid()) {
> +		ARK_PMD_LOG(DEBUG, "EXT ignoring ARK_EXT_PATH under setuid/setgid\n");
> +		return 0;
> +	}
>  
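
Review bot: the new early return logs only at DEBUG ("EXT ignoring ARK_EXT_PATH under setuid/setgid") and returns 0, so an operator who set ARK_EXT_PATH sees no extension loaded and, unless debug logging is enabled, no reason why. Consider a more visible level such as NOTICE or WARNING for this message, and state the restriction wherever ARK_EXT_PATH is documented for users. It is also worth confirming in the commit message that 0 is the intended return value for "extension deliberately not loaded" and that callers treat it the same as "no path specified".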

DPDK may be run in containers. This would break that.

The whole dlopen extension stuff in this driver is rubbish and should not have been allowed in.
It creates testing and security nightmares.
