From patchwork Tue Jul 9 18:44:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Elder X-Patchwork-Id: 1633 Return-Path: Received: from perceval.ideasonboard.com (perceval.ideasonboard.com [IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647]) by lancelot.ideasonboard.com (Postfix) with ESMTPS id 3B7196156F for ; Tue, 9 Jul 2019 20:45:00 +0200 (CEST) Received: from neptunite.amanokami.net (softbank126163157105.bbtec.net [126.163.157.105]) by perceval.ideasonboard.com (Postfix) with ESMTPSA id 3B8C656A; Tue, 9 Jul 2019 20:44:57 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com; s=mail; t=1562697899; bh=r/TmMArLBgA2oYQUy2IJCBSJW+JjaiWaKa9IPrASxCs=; h=From:To:Cc:Subject:Date:From; b=h4by2gPLdfCC1Vc1ZW4KoQiwpbbQYUa+tojxrAXpYCi5kVLAObJYCAHu1m+TQhdYW Gh1jAOyJLnIkOacP8tqvGHCAg2KB0mxmCGpLbXLn5gKlFMSP+vzs5ASTNyxYdXf0iR 3L+Ipv/rMdMNhoG6eoE146l9+bYYQn85aTc0peOI= From: Paul Elder To: libcamera-devel@lists.libcamera.org Date: Wed, 10 Jul 2019 03:44:43 +0900 Message-Id: <20190709184450.32023-1-paul.elder@ideasonboard.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [libcamera-devel] [PATCH v3 0/7] Add IPA process isolation X-BeenThere: libcamera-devel@lists.libcamera.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 18:45:00 -0000 We need to be able to isolate untrusted IPA implementations into a separate process. To achieve this, we use an IPA proxy, that acts like a regular IPAInterface to the pipeline handler, but will initialize and communicate with the real IPA module in a separate, isolated process. Changes in v2: - renamed Shim to Proxy - build proxies into libcamera, and not into separate .so - add Process and ProcessManager - add license field to IPAModuleInfo (as opposed to a "please isolate me" flag) - use IPCUnixSocket (it's only initialized for now) - moved out some patches into their own series Paul Elder (7): libcamera: ipa_module_info: add license field libcamera: Add Process and ProcessManager classes libcamera: add IPA proxy libcamera: proxy: add default linux IPA proxy libcamera: ipa_manager: use proxy libcamera: ipa: add dummy IPA that needs to be isolated libcamera: ipa: meson: build dummy IPA that needs isolation Documentation/Doxyfile.in | 3 +- include/libcamera/ipa/ipa_module_info.h | 1 + src/ipa/ipa_dummy.cpp | 1 + src/ipa/ipa_dummy_isolate.cpp | 46 +++ src/ipa/meson.build | 21 +- src/libcamera/include/ipa_proxy.h | 66 ++++ src/libcamera/include/process.h | 61 +++ src/libcamera/ipa_manager.cpp | 46 ++- src/libcamera/ipa_module.cpp | 21 + src/libcamera/ipa_proxy.cpp | 204 ++++++++++ src/libcamera/meson.build | 8 + src/libcamera/process.cpp | 359 ++++++++++++++++++ src/libcamera/process_manager.cpp | 0 src/libcamera/proxy/ipa_proxy_linux.cpp | 96 +++++ src/libcamera/proxy/meson.build | 3 + .../proxy/worker/ipa_proxy_linux_worker.cpp | 89 +++++ src/libcamera/proxy/worker/meson.build | 16 + test/ipa/ipa_test.cpp | 1 + test/libtest/test.cpp | 4 + test/meson.build | 1 + test/process/meson.build | 12 + test/process/process_test.cpp | 95 +++++ 22 files changed, 1142 insertions(+), 12 deletions(-) create mode 100644 src/ipa/ipa_dummy_isolate.cpp create mode 100644 src/libcamera/include/ipa_proxy.h create mode 100644 src/libcamera/include/process.h create mode 100644 src/libcamera/ipa_proxy.cpp create mode 100644 src/libcamera/process.cpp create mode 100644 src/libcamera/process_manager.cpp create mode 100644 src/libcamera/proxy/ipa_proxy_linux.cpp create mode 100644 src/libcamera/proxy/meson.build create mode 100644 src/libcamera/proxy/worker/ipa_proxy_linux_worker.cpp create mode 100644 src/libcamera/proxy/worker/meson.build create mode 100644 test/process/meson.build create mode 100644 test/process/process_test.cpp