| Message ID | 20240916103722.29880-1-celine.laurencin@nxp.com |
|---|---|
| State | Rejected |
| Headers | show |
| Series |
|
| Related | show |
Hi Celine, On Mon, Sep 16, 2024 at 12:37:22PM +0200, Celine Laurencin wrote: > For testing purposes with non-signed IPA, it can be useful to run IPA in non-isolated mode > to share the libcamera privilege. > > Add a way to disable IPA module isolation through a new LIBCAMERA_IPA_DISABLE_ISOLATION > environment variable. > If isolation is disabled with LIBCAMERA_IPA_DISABLE_ISOLATION, all IPA modules run in > non-isolated mode and the environment variable LIBCAMERA_IPA_FORCE_ISOLATION is not > considered. For testing you can do this by hacking and recompiling libcamera. We don't want a way to disable IPA module isolation upstream. > Signed-off-by: Celine Laurencin <celine.laurencin@nxp.com> > --- > Documentation/environment_variables.rst | 7 +++++++ > src/libcamera/ipa_manager.cpp | 8 ++++++++ > 2 files changed, 15 insertions(+) > > diff --git a/Documentation/environment_variables.rst b/Documentation/environment_variables.rst > index 4e9fbb27..013acaf8 100644 > --- a/Documentation/environment_variables.rst > +++ b/Documentation/environment_variables.rst > @@ -32,6 +32,13 @@ LIBCAMERA_IPA_FORCE_ISOLATION > > Example value: ``1`` > > +LIBCAMERA_IPA_DISABLE_ISOLATION > + When set to a non-empty string, disable process isolation of all IPA modules. > + If isolation is disabled, all IPA modules run in non-isolated mode and > + the environment variable LIBCAMERA_IPA_FORCE_ISOLATION is not taking effect. > + > + Example value: ``1`` > + > LIBCAMERA_IPA_MODULE_PATH > Define custom search locations for IPA modules (`more <IPA module_>`__). > > diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp > index f4e0b633..f606c74c 100644 > --- a/src/libcamera/ipa_manager.cpp > +++ b/src/libcamera/ipa_manager.cpp > @@ -295,6 +295,14 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion, > bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const > { > #if HAVE_IPA_PUBKEY > + char *disableIsolation = utils::secure_getenv("LIBCAMERA_IPA_DISABLE_ISOLATION"); > + if (disableIsolation && disableIsolation[0] != '\0') { > + LOG(IPAManager, Debug) > + << "Isolation of IPA module " << ipa->path() > + << " disabled through environment variable"; > + return true; > + } > + > char *force = utils::secure_getenv("LIBCAMERA_IPA_FORCE_ISOLATION"); > if (force && force[0] != '\0') { > LOG(IPAManager, Debug)
diff --git a/Documentation/environment_variables.rst b/Documentation/environment_variables.rst index 4e9fbb27..013acaf8 100644 --- a/Documentation/environment_variables.rst +++ b/Documentation/environment_variables.rst @@ -32,6 +32,13 @@ LIBCAMERA_IPA_FORCE_ISOLATION Example value: ``1`` +LIBCAMERA_IPA_DISABLE_ISOLATION + When set to a non-empty string, disable process isolation of all IPA modules. + If isolation is disabled, all IPA modules run in non-isolated mode and + the environment variable LIBCAMERA_IPA_FORCE_ISOLATION is not taking effect. + + Example value: ``1`` + LIBCAMERA_IPA_MODULE_PATH Define custom search locations for IPA modules (`more <IPA module_>`__). diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp index f4e0b633..f606c74c 100644 --- a/src/libcamera/ipa_manager.cpp +++ b/src/libcamera/ipa_manager.cpp @@ -295,6 +295,14 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion, bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const { #if HAVE_IPA_PUBKEY + char *disableIsolation = utils::secure_getenv("LIBCAMERA_IPA_DISABLE_ISOLATION"); + if (disableIsolation && disableIsolation[0] != '\0') { + LOG(IPAManager, Debug) + << "Isolation of IPA module " << ipa->path() + << " disabled through environment variable"; + return true; + } + char *force = utils::secure_getenv("LIBCAMERA_IPA_FORCE_ISOLATION"); if (force && force[0] != '\0') { LOG(IPAManager, Debug)
For testing purposes with non-signed IPA, it can be useful to run IPA in non-isolated mode to share the libcamera privilege. Add a way to disable IPA module isolation through a new LIBCAMERA_IPA_DISABLE_ISOLATION environment variable. If isolation is disabled with LIBCAMERA_IPA_DISABLE_ISOLATION, all IPA modules run in non-isolated mode and the environment variable LIBCAMERA_IPA_FORCE_ISOLATION is not considered. Signed-off-by: Celine Laurencin <celine.laurencin@nxp.com> --- Documentation/environment_variables.rst | 7 +++++++ src/libcamera/ipa_manager.cpp | 8 ++++++++ 2 files changed, 15 insertions(+)