[{"id":31258,"web_url":"https://patchwork.libcamera.org/comment/31258/","msgid":"<20240918065847.GA17832@pendragon.ideasonboard.com>","date":"2024-09-18T06:58:47","subject":"Re: [PATCH] libcamera: ipa_manager: Allow disabling IPA module\n\tisolation","submitter":{"id":2,"url":"https://patchwork.libcamera.org/api/people/2/","name":"Laurent Pinchart","email":"laurent.pinchart@ideasonboard.com"},"content":"Hi Celine,\n\nOn Mon, Sep 16, 2024 at 12:37:22PM +0200, Celine Laurencin wrote:\n> For testing purposes with non-signed IPA, it can be useful to run IPA in non-isolated mode\n> to share the libcamera privilege.\n> \n> Add a way to disable IPA module isolation through a new LIBCAMERA_IPA_DISABLE_ISOLATION\n> environment variable.\n> If isolation is disabled with LIBCAMERA_IPA_DISABLE_ISOLATION, all IPA modules run in\n> non-isolated mode and the environment variable LIBCAMERA_IPA_FORCE_ISOLATION is not\n> considered.\n\nFor testing you can do this by hacking and recompiling libcamera. We\ndon't want a way to disable IPA module isolation upstream.\n\n> Signed-off-by: Celine Laurencin <celine.laurencin@nxp.com>\n> ---\n>  Documentation/environment_variables.rst | 7 +++++++\n>  src/libcamera/ipa_manager.cpp           | 8 ++++++++\n>  2 files changed, 15 insertions(+)\n> \n> diff --git a/Documentation/environment_variables.rst b/Documentation/environment_variables.rst\n> index 4e9fbb27..013acaf8 100644\n> --- a/Documentation/environment_variables.rst\n> +++ b/Documentation/environment_variables.rst\n> @@ -32,6 +32,13 @@ LIBCAMERA_IPA_FORCE_ISOLATION\n>  \n>     Example value: ``1``\n>  \n> +LIBCAMERA_IPA_DISABLE_ISOLATION\n> +   When set to a non-empty string, disable process isolation of all IPA modules.\n> +   If isolation is disabled, all IPA modules run in non-isolated mode and\n> +   the environment variable LIBCAMERA_IPA_FORCE_ISOLATION is not taking effect.\n> +\n> +   Example value: ``1``\n> +\n>  LIBCAMERA_IPA_MODULE_PATH\n>     Define custom search locations for IPA modules (`more <IPA module_>`__).\n>  \n> diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp\n> index f4e0b633..f606c74c 100644\n> --- a/src/libcamera/ipa_manager.cpp\n> +++ b/src/libcamera/ipa_manager.cpp\n> @@ -295,6 +295,14 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion,\n>  bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const\n>  {\n>  #if HAVE_IPA_PUBKEY\n> +\tchar *disableIsolation = utils::secure_getenv(\"LIBCAMERA_IPA_DISABLE_ISOLATION\");\n> +\tif (disableIsolation && disableIsolation[0] != '\\0') {\n> +\t\tLOG(IPAManager, Debug)\n> +\t\t\t<< \"Isolation of IPA module \" << ipa->path()\n> +\t\t\t<< \" disabled through environment variable\";\n> +\t\treturn true;\n> +\t}\n> +\n>  \tchar *force = utils::secure_getenv(\"LIBCAMERA_IPA_FORCE_ISOLATION\");\n>  \tif (force && force[0] != '\\0') {\n>  \t\tLOG(IPAManager, Debug)","headers":{"Return-Path":"<libcamera-devel-bounces@lists.libcamera.org>","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id DB05BC3257\n\tfor <parsemail@patchwork.libcamera.org>;\n\tWed, 18 Sep 2024 06:59:21 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id 7B086634F9;\n\tWed, 18 Sep 2024 08:59:21 +0200 (CEST)","from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[213.167.242.64])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 69AEF618E0\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tWed, 18 Sep 2024 08:59:20 +0200 (CEST)","from pendragon.ideasonboard.com (unknown [185.44.53.103])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 132ED3D5;\n\tWed, 18 Sep 2024 08:57:58 +0200 (CEST)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key;\n\tunprotected) header.d=ideasonboard.com header.i=@ideasonboard.com\n\theader.b=\"QUKsLXT8\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1726642678;\n\tbh=HAKjAyegMzwS1jcQF6JZ6Sajhe0Rcbs76LDNyLZhIHo=;\n\th=Date:From:To:Cc:Subject:References:In-Reply-To:From;\n\tb=QUKsLXT8hoZnQls60a64zEinWbVkAzuF0VwA6DbeuYapNUos4Gbb1klHs0jF3lJGs\n\tJ7OdWakB4EU4as4mTy6pgcZdYsAeCEUS88QKdRBOmtQ59+DqUABfJsFvkXnFraDKd2\n\tqsKJIxvicOSvLZCtahsXR9r3OpHRJjA4NK9cIcJE=","Date":"Wed, 18 Sep 2024 09:58:47 +0300","From":"Laurent Pinchart <laurent.pinchart@ideasonboard.com>","To":"Celine Laurencin <celine.laurencin@nxp.com>","Cc":"libcamera-devel@lists.libcamera.org, julien.vuillaumier@nxp.com,\n\tgilles.talis@nxp.com","Subject":"Re: [PATCH] libcamera: ipa_manager: Allow disabling IPA module\n\tisolation","Message-ID":"<20240918065847.GA17832@pendragon.ideasonboard.com>","References":"<20240916103722.29880-1-celine.laurencin@nxp.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=utf-8","Content-Disposition":"inline","In-Reply-To":"<20240916103722.29880-1-celine.laurencin@nxp.com>","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" <libcamera-devel-bounces@lists.libcamera.org>"}}]