From patchwork Thu Jul 11 18:50:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Elder X-Patchwork-Id: 1659 Return-Path: Received: from perceval.ideasonboard.com (perceval.ideasonboard.com [213.167.242.64]) by lancelot.ideasonboard.com (Postfix) with ESMTPS id 5AD6D60BC8 for ; Thu, 11 Jul 2019 20:51:04 +0200 (CEST) Received: from neptunite.amanokami.net (softbank126163157105.bbtec.net [126.163.157.105]) by perceval.ideasonboard.com (Postfix) with ESMTPSA id D478A31C; Thu, 11 Jul 2019 20:51:02 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com; s=mail; t=1562871064; bh=Rr63PKHaBEz9n127ILT/RaI5pvIip3ThXcxdBVOM5O8=; h=From:To:Cc:Subject:Date:From; b=hl765R7z9DOyYOoN5ga2Iuli2VzJeGsjsrsFmB1EUwjDkUnIzJIjO/d6zfEl54dNd JODIpZ+jr41t43kMbuQd7jvb6YwWEliizmix2z0mRFtqUCMG/9UXNKc4fnIgCn3IGv 43wnwVFMzT1ohmqcs5xlbOfRJSMC7cg5q7+WkbW0= From: Paul Elder To: libcamera-devel@lists.libcamera.org Date: Fri, 12 Jul 2019 03:50:39 +0900 Message-Id: <20190711185047.11671-1-paul.elder@ideasonboard.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [libcamera-devel] [PATCH v4 0/8] Add IPA process isolation X-BeenThere: libcamera-devel@lists.libcamera.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Jul 2019 18:51:04 -0000 We need to be able to isolate untrusted IPA implementations into a separate process. To achieve this, we use an IPA proxy, that acts like a regular IPAInterface to the pipeline handler, but will initialize and communicate with the real IPA module in a separate, isolated process. Changes in v4: - minor changes - added IPAModule::isOpenSource() Changes in v3: - a lot, i forgot to put them in last time Changes in v2: - renamed Shim to Proxy - build proxies into libcamera, and not into separate .so - add Process and ProcessManager - add license field to IPAModuleInfo (as opposed to a "please isolate me" flag) - use IPCUnixSocket (it's only initialized for now) - moved out some patches into their own series Paul Elder (8): libcamera: ipa_module_info: add license field libcamera: ipa_module: add isOpenSource libcamera: Add Process and ProcessManager classes libcamera: add IPA proxy libcamera: proxy: add default linux IPA proxy libcamera: ipa_manager: use proxy libcamera: ipa: add dummy IPA that needs to be isolated libcamera: ipa: meson: build dummy IPA that needs isolation Documentation/Doxyfile.in | 3 +- include/libcamera/ipa/ipa_module_info.h | 1 + src/ipa/ipa_dummy.cpp | 1 + src/ipa/ipa_dummy_isolate.cpp | 47 +++ src/ipa/meson.build | 21 +- src/libcamera/include/ipa_module.h | 2 + src/libcamera/include/ipa_proxy.h | 66 ++++ src/libcamera/include/process.h | 55 +++ src/libcamera/ipa_manager.cpp | 34 +- src/libcamera/ipa_module.cpp | 46 +++ src/libcamera/ipa_proxy.cpp | 204 ++++++++++ src/libcamera/meson.build | 8 + src/libcamera/process.cpp | 357 ++++++++++++++++++ src/libcamera/process_manager.cpp | 0 src/libcamera/proxy/ipa_proxy_linux.cpp | 96 +++++ src/libcamera/proxy/meson.build | 3 + .../proxy/worker/ipa_proxy_linux_worker.cpp | 86 +++++ src/libcamera/proxy/worker/meson.build | 16 + test/ipa/ipa_test.cpp | 1 + test/libtest/test.cpp | 4 + test/meson.build | 1 + test/process/meson.build | 12 + test/process/process_test.cpp | 100 +++++ 23 files changed, 1152 insertions(+), 12 deletions(-) create mode 100644 src/ipa/ipa_dummy_isolate.cpp create mode 100644 src/libcamera/include/ipa_proxy.h create mode 100644 src/libcamera/include/process.h create mode 100644 src/libcamera/ipa_proxy.cpp create mode 100644 src/libcamera/process.cpp create mode 100644 src/libcamera/process_manager.cpp create mode 100644 src/libcamera/proxy/ipa_proxy_linux.cpp create mode 100644 src/libcamera/proxy/meson.build create mode 100644 src/libcamera/proxy/worker/ipa_proxy_linux_worker.cpp create mode 100644 src/libcamera/proxy/worker/meson.build create mode 100644 test/process/meson.build create mode 100644 test/process/process_test.cpp