{"id":1588,"url":"https://patchwork.libcamera.org/api/covers/1588/?format=json","web_url":"https://patchwork.libcamera.org/cover/1588/","project":{"id":1,"url":"https://patchwork.libcamera.org/api/projects/1/?format=json","name":"libcamera","link_name":"libcamera","list_id":"libcamera_core","list_email":"libcamera-devel@lists.libcamera.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20190703080007.21376-1-paul.elder@ideasonboard.com>","date":"2019-07-03T08:00:00","name":"[libcamera-devel,RFC,v2,0/7] Add IPA process isolation","submitter":{"id":17,"url":"https://patchwork.libcamera.org/api/people/17/?format=json","name":"Paul Elder","email":"paul.elder@ideasonboard.com"},"mbox":"https://patchwork.libcamera.org/cover/1588/mbox/","series":[{"id":392,"url":"https://patchwork.libcamera.org/api/series/392/?format=json","web_url":"https://patchwork.libcamera.org/project/libcamera/list/?series=392","date":"2019-07-03T08:00:00","name":"Add IPA process isolation","version":2,"mbox":"https://patchwork.libcamera.org/series/392/mbox/"}],"comments":"https://patchwork.libcamera.org/api/covers/1588/comments/","headers":{"Return-Path":"<paul.elder@ideasonboard.com>","Received":["from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id C53D860C23\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tWed,  3 Jul 2019 10:00:23 +0200 (CEST)","from neptunite.flets-east.jp\n\t(p1871204-ipngn14001hodogaya.kanagawa.ocn.ne.jp [153.220.127.204])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 5A7B524B;\n\tWed,  3 Jul 2019 10:00:22 +0200 (CEST)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1562140823;\n\tbh=ThaYDGRWx2r8D4ChwM5T62wXJ061ngGbqVoHw43X+hs=;\n\th=From:To:Cc:Subject:Date:From;\n\tb=iFvBilHyWJLZWiHePe63BhQS5nngfHaHJpfekmcVG+Z1BKrqF/+6+zIiLPPYjkRfE\n\tJbbwC+5d/TXOzpwMwN+H5rex8Eg0HT7Oxn/EpJ+pqAlmtqDe/w5fqeHwOl5qT3HTTz\n\tC2RQf9Q+hxnQ6v9DLQSr+qzIcf2KA+aYt15isDdk=","From":"Paul Elder <paul.elder@ideasonboard.com>","To":"libcamera-devel@lists.libcamera.org","Date":"Wed,  3 Jul 2019 17:00:00 +0900","Message-Id":"<20190703080007.21376-1-paul.elder@ideasonboard.com>","X-Mailer":"git-send-email 2.20.1","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","Subject":"[libcamera-devel] [RFC PATCH v2 0/7] Add IPA process isolation","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.23","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","X-List-Received-Date":"Wed, 03 Jul 2019 08:00:23 -0000"},"content":"We need to be able to isolate untrusted IPA implementations into a\nseparate process. To achieve this, we use an IPA proxy, that acts like a\nregular IPAInterface to the pipeline handler, but will initialize and\ncommunicate with the real IPA module in a separate, isolated process.\n\nChanges in v2:\n- renamed Shim to Proxy\n- build proxies into libcamera, and not into separate .so\n- add Process and ProcessManager\n- add license field to IPAModuleInfo (as opposed to a \"please isolate me\" flag)\n- use IPCUnixSocket (it's only initialized for now)\n- moved out some patches into their own series\n\nPaul Elder (7):\n  libcamera: ipa_module_info: add license field\n  libcamera: process, process manager: create process and manager\n    classes\n  libcamera: add IPA proxy\n  libcamera: proxy: add default linux proxy\n  libcamera: ipa_manager: use proxy\n  libcamera: ipa: add dummy IPA that needs to be isolated\n  libcamera: ipa: meson: build dummy IPA that needs isolation\n\n Documentation/Doxyfile.in                     |   3 +-\n include/libcamera/ipa/ipa_module_info.h       |   2 +\n src/ipa/ipa_dummy.cpp                         |   1 +\n src/ipa/ipa_dummy_isolate.cpp                 |  46 ++++\n src/ipa/meson.build                           |  23 +-\n src/libcamera/include/ipa_proxy.h             |  68 ++++++\n src/libcamera/include/process.h               |  35 +++\n src/libcamera/include/process_manager.h       |  40 ++++\n src/libcamera/ipa_manager.cpp                 |  48 +++-\n src/libcamera/ipa_module.cpp                  |   3 +\n src/libcamera/ipa_proxy.cpp                   | 219 ++++++++++++++++++\n src/libcamera/meson.build                     |   9 +\n src/libcamera/process.cpp                     | 140 +++++++++++\n src/libcamera/process_manager.cpp             | 104 +++++++++\n src/libcamera/proxy/meson.build               |   3 +\n src/libcamera/proxy/proxy_linux_default.cpp   |  90 +++++++\n src/libcamera/proxy_worker/meson.build        |  18 ++\n .../proxy_linux_default_worker.cpp            |  46 ++++\n test/ipa/ipa_test.cpp                         |   1 +\n test/libtest/test.cpp                         |   4 +\n 20 files changed, 890 insertions(+), 13 deletions(-)\n create mode 100644 src/ipa/ipa_dummy_isolate.cpp\n create mode 100644 src/libcamera/include/ipa_proxy.h\n create mode 100644 src/libcamera/include/process.h\n create mode 100644 src/libcamera/include/process_manager.h\n create mode 100644 src/libcamera/ipa_proxy.cpp\n create mode 100644 src/libcamera/process.cpp\n create mode 100644 src/libcamera/process_manager.cpp\n create mode 100644 src/libcamera/proxy/meson.build\n create mode 100644 src/libcamera/proxy/proxy_linux_default.cpp\n create mode 100644 src/libcamera/proxy_worker/meson.build\n create mode 100644 src/libcamera/proxy_worker/proxy_linux_default_worker.cpp"}