{"id":1633,"url":"https://patchwork.libcamera.org/api/1.1/covers/1633/?format=json","web_url":"https://patchwork.libcamera.org/cover/1633/","project":{"id":1,"url":"https://patchwork.libcamera.org/api/1.1/projects/1/?format=json","name":"libcamera","link_name":"libcamera","list_id":"libcamera_core","list_email":"libcamera-devel@lists.libcamera.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20190709184450.32023-1-paul.elder@ideasonboard.com>","date":"2019-07-09T18:44:43","name":"[libcamera-devel,v3,0/7] Add IPA process isolation","submitter":{"id":17,"url":"https://patchwork.libcamera.org/api/1.1/people/17/?format=json","name":"Paul Elder","email":"paul.elder@ideasonboard.com"},"mbox":"https://patchwork.libcamera.org/cover/1633/mbox/","series":[{"id":410,"url":"https://patchwork.libcamera.org/api/1.1/series/410/?format=json","web_url":"https://patchwork.libcamera.org/project/libcamera/list/?series=410","date":"2019-07-09T18:44:43","name":"Add IPA process isolation","version":3,"mbox":"https://patchwork.libcamera.org/series/410/mbox/"}],"comments":"https://patchwork.libcamera.org/api/covers/1633/comments/","headers":{"Return-Path":"<paul.elder@ideasonboard.com>","Received":["from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 3B7196156F\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tTue,  9 Jul 2019 20:45:00 +0200 (CEST)","from neptunite.amanokami.net (softbank126163157105.bbtec.net\n\t[126.163.157.105])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 3B8C656A;\n\tTue,  9 Jul 2019 20:44:57 +0200 (CEST)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1562697899;\n\tbh=r/TmMArLBgA2oYQUy2IJCBSJW+JjaiWaKa9IPrASxCs=;\n\th=From:To:Cc:Subject:Date:From;\n\tb=h4by2gPLdfCC1Vc1ZW4KoQiwpbbQYUa+tojxrAXpYCi5kVLAObJYCAHu1m+TQhdYW\n\tGh1jAOyJLnIkOacP8tqvGHCAg2KB0mxmCGpLbXLn5gKlFMSP+vzs5ASTNyxYdXf0iR\n\t3L+Ipv/rMdMNhoG6eoE146l9+bYYQn85aTc0peOI=","From":"Paul Elder <paul.elder@ideasonboard.com>","To":"libcamera-devel@lists.libcamera.org","Date":"Wed, 10 Jul 2019 03:44:43 +0900","Message-Id":"<20190709184450.32023-1-paul.elder@ideasonboard.com>","X-Mailer":"git-send-email 2.20.1","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","Subject":"[libcamera-devel] [PATCH v3 0/7] Add IPA process isolation","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.23","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","X-List-Received-Date":"Tue, 09 Jul 2019 18:45:00 -0000"},"content":"We need to be able to isolate untrusted IPA implementations into a\nseparate process. To achieve this, we use an IPA proxy, that acts like a\nregular IPAInterface to the pipeline handler, but will initialize and\ncommunicate with the real IPA module in a separate, isolated process.\n\nChanges in v2:\n- renamed Shim to Proxy\n- build proxies into libcamera, and not into separate .so\n- add Process and ProcessManager\n- add license field to IPAModuleInfo (as opposed to a \"please isolate me\" flag)\n- use IPCUnixSocket (it's only initialized for now)\n- moved out some patches into their own series\n\nPaul Elder (7):\n  libcamera: ipa_module_info: add license field\n  libcamera: Add Process and ProcessManager classes\n  libcamera: add IPA proxy\n  libcamera: proxy: add default linux IPA proxy\n  libcamera: ipa_manager: use proxy\n  libcamera: ipa: add dummy IPA that needs to be isolated\n  libcamera: ipa: meson: build dummy IPA that needs isolation\n\n Documentation/Doxyfile.in                     |   3 +-\n include/libcamera/ipa/ipa_module_info.h       |   1 +\n src/ipa/ipa_dummy.cpp                         |   1 +\n src/ipa/ipa_dummy_isolate.cpp                 |  46 +++\n src/ipa/meson.build                           |  21 +-\n src/libcamera/include/ipa_proxy.h             |  66 ++++\n src/libcamera/include/process.h               |  61 +++\n src/libcamera/ipa_manager.cpp                 |  46 ++-\n src/libcamera/ipa_module.cpp                  |  21 +\n src/libcamera/ipa_proxy.cpp                   | 204 ++++++++++\n src/libcamera/meson.build                     |   8 +\n src/libcamera/process.cpp                     | 359 ++++++++++++++++++\n src/libcamera/process_manager.cpp             |   0\n src/libcamera/proxy/ipa_proxy_linux.cpp       |  96 +++++\n src/libcamera/proxy/meson.build               |   3 +\n .../proxy/worker/ipa_proxy_linux_worker.cpp   |  89 +++++\n src/libcamera/proxy/worker/meson.build        |  16 +\n test/ipa/ipa_test.cpp                         |   1 +\n test/libtest/test.cpp                         |   4 +\n test/meson.build                              |   1 +\n test/process/meson.build                      |  12 +\n test/process/process_test.cpp                 |  95 +++++\n 22 files changed, 1142 insertions(+), 12 deletions(-)\n create mode 100644 src/ipa/ipa_dummy_isolate.cpp\n create mode 100644 src/libcamera/include/ipa_proxy.h\n create mode 100644 src/libcamera/include/process.h\n create mode 100644 src/libcamera/ipa_proxy.cpp\n create mode 100644 src/libcamera/process.cpp\n create mode 100644 src/libcamera/process_manager.cpp\n create mode 100644 src/libcamera/proxy/ipa_proxy_linux.cpp\n create mode 100644 src/libcamera/proxy/meson.build\n create mode 100644 src/libcamera/proxy/worker/ipa_proxy_linux_worker.cpp\n create mode 100644 src/libcamera/proxy/worker/meson.build\n create mode 100644 test/process/meson.build\n create mode 100644 test/process/process_test.cpp"}