[libcamera-devel,v3,0/7] Add IPA process isolation

mbox series

Message ID	20190709184450.32023-1-paul.elder@ideasonboard.com
Headers	show Return-Path: <paul.elder@ideasonboard.com> From: Paul Elder <paul.elder@ideasonboard.com> To: libcamera-devel@lists.libcamera.org Date: Wed, 10 Jul 2019 03:44:43 +0900 Message-Id: <20190709184450.32023-1-paul.elder@ideasonboard.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [libcamera-devel] [PATCH v3 0/7] Add IPA process isolation Precedence: list
Series	Add IPA process isolation
Related	show [libcamera-devel,v3,0/7] Add IPA process isolation [libcamera-devel,v3,1/7] libcamera: ipa_module_info: add license field [libcamera-devel,v3,2/7] libcamera: Add Process and ProcessManager classes [libcamera-devel,v3,3/7] libcamera: add IPA proxy [libcamera-devel,v3,4/7] libcamera: proxy: add default linux IPA proxy [libcamera-devel,v3,5/7] libcamera: ipa_manager: use proxy [libcamera-devel,v3,6/7] libcamera: ipa: add dummy IPA that needs to be isolated [libcamera-devel,v3,7/7] libcamera: ipa: meson: build dummy IPA that needs isolation

Message ID

20190709184450.32023-1-paul.elder@ideasonboard.com

Headers

From: Paul Elder <paul.elder@ideasonboard.com>
To: libcamera-devel@lists.libcamera.org
Date: Wed, 10 Jul 2019 03:44:43 +0900
Message-Id: <20190709184450.32023-1-paul.elder@ideasonboard.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [libcamera-devel] [PATCH v3 0/7] Add IPA process isolation
Precedence: list

Series

Add IPA process isolation

show

Message

Paul Elder July 9, 2019, 6:44 p.m. UTC

We need to be able to isolate untrusted IPA implementations into a
separate process. To achieve this, we use an IPA proxy, that acts like a
regular IPAInterface to the pipeline handler, but will initialize and
communicate with the real IPA module in a separate, isolated process.

Changes in v2:
- renamed Shim to Proxy
- build proxies into libcamera, and not into separate .so
- add Process and ProcessManager
- add license field to IPAModuleInfo (as opposed to a "please isolate me" flag)
- use IPCUnixSocket (it's only initialized for now)
- moved out some patches into their own series

Paul Elder (7):
  libcamera: ipa_module_info: add license field
  libcamera: Add Process and ProcessManager classes
  libcamera: add IPA proxy
  libcamera: proxy: add default linux IPA proxy
  libcamera: ipa_manager: use proxy
  libcamera: ipa: add dummy IPA that needs to be isolated
  libcamera: ipa: meson: build dummy IPA that needs isolation

 Documentation/Doxyfile.in                     |   3 +-
 include/libcamera/ipa/ipa_module_info.h       |   1 +
 src/ipa/ipa_dummy.cpp                         |   1 +
 src/ipa/ipa_dummy_isolate.cpp                 |  46 +++
 src/ipa/meson.build                           |  21 +-
 src/libcamera/include/ipa_proxy.h             |  66 ++++
 src/libcamera/include/process.h               |  61 +++
 src/libcamera/ipa_manager.cpp                 |  46 ++-
 src/libcamera/ipa_module.cpp                  |  21 +
 src/libcamera/ipa_proxy.cpp                   | 204 ++++++++++
 src/libcamera/meson.build                     |   8 +
 src/libcamera/process.cpp                     | 359 ++++++++++++++++++
 src/libcamera/process_manager.cpp             |   0
 src/libcamera/proxy/ipa_proxy_linux.cpp       |  96 +++++
 src/libcamera/proxy/meson.build               |   3 +
 .../proxy/worker/ipa_proxy_linux_worker.cpp   |  89 +++++
 src/libcamera/proxy/worker/meson.build        |  16 +
 test/ipa/ipa_test.cpp                         |   1 +
 test/libtest/test.cpp                         |   4 +
 test/meson.build                              |   1 +
 test/process/meson.build                      |  12 +
 test/process/process_test.cpp                 |  95 +++++
 22 files changed, 1142 insertions(+), 12 deletions(-)
 create mode 100644 src/ipa/ipa_dummy_isolate.cpp
 create mode 100644 src/libcamera/include/ipa_proxy.h
 create mode 100644 src/libcamera/include/process.h
 create mode 100644 src/libcamera/ipa_proxy.cpp
 create mode 100644 src/libcamera/process.cpp
 create mode 100644 src/libcamera/process_manager.cpp
 create mode 100644 src/libcamera/proxy/ipa_proxy_linux.cpp
 create mode 100644 src/libcamera/proxy/meson.build
 create mode 100644 src/libcamera/proxy/worker/ipa_proxy_linux_worker.cpp
 create mode 100644 src/libcamera/proxy/worker/meson.build
 create mode 100644 test/process/meson.build
 create mode 100644 test/process/process_test.cpp

[libcamera-devel,v3,0/7] Add IPA process isolation 1633 mbox series

Message

[libcamera-devel,v3,0/7] Add IPA process isolation
mbox series