[libcamera-devel,RFC,v2,0/7] Add IPA process isolation

mbox series

Message ID	20190703080007.21376-1-paul.elder@ideasonboard.com
Headers	show Return-Path: <paul.elder@ideasonboard.com> From: Paul Elder <paul.elder@ideasonboard.com> To: libcamera-devel@lists.libcamera.org Date: Wed, 3 Jul 2019 17:00:00 +0900 Message-Id: <20190703080007.21376-1-paul.elder@ideasonboard.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [libcamera-devel] [RFC PATCH v2 0/7] Add IPA process isolation Precedence: list
Series	Add IPA process isolation
Related	show [libcamera-devel,RFC,v2,0/7] Add IPA process isolation [libcamera-devel,RFC,v2,1/7] libcamera: ipa_module_info: add license field [libcamera-devel,RFC,v2,2/7] libcamera: process, process manager: create process and manager classes [libcamera-devel,RFC,v2,3/7] libcamera: add IPA proxy [libcamera-devel,RFC,v2,4/7] libcamera: proxy: add default linux proxy [libcamera-devel,RFC,v2,5/7] libcamera: ipa_manager: use proxy [libcamera-devel,RFC,v2,6/7] libcamera: ipa: add dummy IPA that needs to be isolated [libcamera-devel,RFC,v2,7/7] libcamera: ipa: meson: build dummy IPA that needs isolation

Message ID

20190703080007.21376-1-paul.elder@ideasonboard.com

Headers

From: Paul Elder <paul.elder@ideasonboard.com>
To: libcamera-devel@lists.libcamera.org
Date: Wed,  3 Jul 2019 17:00:00 +0900
Message-Id: <20190703080007.21376-1-paul.elder@ideasonboard.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [libcamera-devel] [RFC PATCH v2 0/7] Add IPA process isolation
Precedence: list

Series

Add IPA process isolation

show

Message

Paul Elder July 3, 2019, 8 a.m. UTC

We need to be able to isolate untrusted IPA implementations into a
separate process. To achieve this, we use an IPA proxy, that acts like a
regular IPAInterface to the pipeline handler, but will initialize and
communicate with the real IPA module in a separate, isolated process.

Changes in v2:
- renamed Shim to Proxy
- build proxies into libcamera, and not into separate .so
- add Process and ProcessManager
- add license field to IPAModuleInfo (as opposed to a "please isolate me" flag)
- use IPCUnixSocket (it's only initialized for now)
- moved out some patches into their own series

Paul Elder (7):
  libcamera: ipa_module_info: add license field
  libcamera: process, process manager: create process and manager
    classes
  libcamera: add IPA proxy
  libcamera: proxy: add default linux proxy
  libcamera: ipa_manager: use proxy
  libcamera: ipa: add dummy IPA that needs to be isolated
  libcamera: ipa: meson: build dummy IPA that needs isolation

 Documentation/Doxyfile.in                     |   3 +-
 include/libcamera/ipa/ipa_module_info.h       |   2 +
 src/ipa/ipa_dummy.cpp                         |   1 +
 src/ipa/ipa_dummy_isolate.cpp                 |  46 ++++
 src/ipa/meson.build                           |  23 +-
 src/libcamera/include/ipa_proxy.h             |  68 ++++++
 src/libcamera/include/process.h               |  35 +++
 src/libcamera/include/process_manager.h       |  40 ++++
 src/libcamera/ipa_manager.cpp                 |  48 +++-
 src/libcamera/ipa_module.cpp                  |   3 +
 src/libcamera/ipa_proxy.cpp                   | 219 ++++++++++++++++++
 src/libcamera/meson.build                     |   9 +
 src/libcamera/process.cpp                     | 140 +++++++++++
 src/libcamera/process_manager.cpp             | 104 +++++++++
 src/libcamera/proxy/meson.build               |   3 +
 src/libcamera/proxy/proxy_linux_default.cpp   |  90 +++++++
 src/libcamera/proxy_worker/meson.build        |  18 ++
 .../proxy_linux_default_worker.cpp            |  46 ++++
 test/ipa/ipa_test.cpp                         |   1 +
 test/libtest/test.cpp                         |   4 +
 20 files changed, 890 insertions(+), 13 deletions(-)
 create mode 100644 src/ipa/ipa_dummy_isolate.cpp
 create mode 100644 src/libcamera/include/ipa_proxy.h
 create mode 100644 src/libcamera/include/process.h
 create mode 100644 src/libcamera/include/process_manager.h
 create mode 100644 src/libcamera/ipa_proxy.cpp
 create mode 100644 src/libcamera/process.cpp
 create mode 100644 src/libcamera/process_manager.cpp
 create mode 100644 src/libcamera/proxy/meson.build
 create mode 100644 src/libcamera/proxy/proxy_linux_default.cpp
 create mode 100644 src/libcamera/proxy_worker/meson.build
 create mode 100644 src/libcamera/proxy_worker/proxy_linux_default_worker.cpp

[libcamera-devel,RFC,v2,0/7] Add IPA process isolation 1588 mbox series

Message

[libcamera-devel,RFC,v2,0/7] Add IPA process isolation
mbox series