From patchwork Sun Jul 11 23:15:45 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
X-Patchwork-Id: 12898
Return-Path: <libcamera-devel-bounces@lists.libcamera.org>
X-Original-To: parsemail@patchwork.libcamera.org
Delivered-To: parsemail@patchwork.libcamera.org
Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com
	[92.243.16.209])
	by patchwork.libcamera.org (Postfix) with ESMTPS id 240E5BD794
	for <parsemail@patchwork.libcamera.org>;
	Sun, 11 Jul 2021 23:16:40 +0000 (UTC)
Received: from lancelot.ideasonboard.com (localhost [IPv6:::1])
	by lancelot.ideasonboard.com (Postfix) with ESMTP id 01C9268532;
	Mon, 12 Jul 2021 01:16:39 +0200 (CEST)
Authentication-Results: lancelot.ideasonboard.com;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=ideasonboard.com header.i=@ideasonboard.com
	header.b="sEvUOinP"; dkim-atps=neutral
Received: from perceval.ideasonboard.com (perceval.ideasonboard.com
	[213.167.242.64])
	by lancelot.ideasonboard.com (Postfix) with ESMTPS id 9CC5A68521
	for <libcamera-devel@lists.libcamera.org>;
	Mon, 12 Jul 2021 01:16:37 +0200 (CEST)
Received: from pendragon.lan (62-78-145-57.bb.dnainternet.fi [62.78.145.57])
	by perceval.ideasonboard.com (Postfix) with ESMTPSA id 4A0C6255
	for <libcamera-devel@lists.libcamera.org>;
	Mon, 12 Jul 2021 01:16:37 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;
	s=mail; t=1626045397;
	bh=AKBanrAdVydDPTr/wUG2A8XjnWG996WDcV1XgyeSvSw=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=sEvUOinP4vQEDpqy9n8+xJ+ktYWZ3SmI/MaiwbZ5T0cPmiSBvikplfXSBpTH0YFsx
	2iN5nxU2WwXywp7sJW+/wcqWZ0+tVhLZ6mlrL1e7TN2j6HO077FMS6mRiPzp0iumG9
	YZJnMDWMk9oN6AQwNgJ3YfiRYr2vA0vRs5kMw68s=
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
To: libcamera-devel@lists.libcamera.org
Date: Mon, 12 Jul 2021 02:15:45 +0300
Message-Id: <20210711231547.19664-2-laurent.pinchart@ideasonboard.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210711231547.19664-1-laurent.pinchart@ideasonboard.com>
References: <20210711231547.19664-1-laurent.pinchart@ideasonboard.com>
MIME-Version: 1.0
Subject: [libcamera-devel] [PATCH 1/3] libcamera: ipa_manager: Fix IPA
	module min/max version check
X-BeenThere: libcamera-devel@lists.libcamera.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <libcamera-devel.lists.libcamera.org>
List-Unsubscribe: <https://lists.libcamera.org/options/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>
List-Archive: <https://lists.libcamera.org/pipermail/libcamera-devel/>
List-Post: <mailto:libcamera-devel@lists.libcamera.org>
List-Help: <mailto:libcamera-devel-request@lists.libcamera.org?subject=help>
List-Subscribe: <https://lists.libcamera.org/listinfo/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>
Errors-To: libcamera-devel-bounces@lists.libcamera.org
Sender: "libcamera-devel" <libcamera-devel-bounces@lists.libcamera.org>

The IPAManager::createIPA() function has its minVersion and maxVersion
parameters inverted. This doesn't cause any issue at the moment as both
the minimum and maximum version are set to 1 by all callers, but it's
still a bug. Fix it.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Reviewed-by: Paul Elder <paul.elder@ideasonboard.com>
---
 include/libcamera/internal/ipa_manager.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/libcamera/internal/ipa_manager.h b/include/libcamera/internal/ipa_manager.h
index 34224e330da7..42201839901b 100644
--- a/include/libcamera/internal/ipa_manager.h
+++ b/include/libcamera/internal/ipa_manager.h
@@ -31,8 +31,8 @@ public:
 
 	template<typename T>
 	static std::unique_ptr<T> createIPA(PipelineHandler *pipe,
-					    uint32_t maxVersion,
-					    uint32_t minVersion)
+					    uint32_t minVersion,
+					    uint32_t maxVersion)
 	{
 		IPAModule *m = nullptr;
 

From patchwork Sun Jul 11 23:15:46 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
X-Patchwork-Id: 12899
Return-Path: <libcamera-devel-bounces@lists.libcamera.org>
X-Original-To: parsemail@patchwork.libcamera.org
Delivered-To: parsemail@patchwork.libcamera.org
Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com
	[92.243.16.209])
	by patchwork.libcamera.org (Postfix) with ESMTPS id 8EFCFC3225
	for <parsemail@patchwork.libcamera.org>;
	Sun, 11 Jul 2021 23:16:40 +0000 (UTC)
Received: from lancelot.ideasonboard.com (localhost [IPv6:::1])
	by lancelot.ideasonboard.com (Postfix) with ESMTP id 4A1F168535;
	Mon, 12 Jul 2021 01:16:39 +0200 (CEST)
Authentication-Results: lancelot.ideasonboard.com;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=ideasonboard.com header.i=@ideasonboard.com
	header.b="KAmpRc0G"; dkim-atps=neutral
Received: from perceval.ideasonboard.com (perceval.ideasonboard.com
	[IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647])
	by lancelot.ideasonboard.com (Postfix) with ESMTPS id 00DEE68521
	for <libcamera-devel@lists.libcamera.org>;
	Mon, 12 Jul 2021 01:16:38 +0200 (CEST)
Received: from pendragon.lan (62-78-145-57.bb.dnainternet.fi [62.78.145.57])
	by perceval.ideasonboard.com (Postfix) with ESMTPSA id 96500CC
	for <libcamera-devel@lists.libcamera.org>;
	Mon, 12 Jul 2021 01:16:37 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;
	s=mail; t=1626045397;
	bh=7i4HOEzapnvHYF6XQkEnWY+0MyqAHYNtoz1Jtqu3Wg0=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=KAmpRc0G7uMPq8Dtnb7mxCb25s2LecqpKmQ+sqU/G353ninj6ZVr5J+HK+xvY6C6r
	CTX2IQrAIgn9hYk5egk33uM88GpqtSDDcj8QFhGwnG/K6LvLY4+Jg6GwyAg617uCd+
	AvKjB+Dnhzc6VC3zCGtB/vbbwq7MnAUncFp/KWmw=
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
To: libcamera-devel@lists.libcamera.org
Date: Mon, 12 Jul 2021 02:15:46 +0300
Message-Id: <20210711231547.19664-3-laurent.pinchart@ideasonboard.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210711231547.19664-1-laurent.pinchart@ideasonboard.com>
References: <20210711231547.19664-1-laurent.pinchart@ideasonboard.com>
MIME-Version: 1.0
Subject: [libcamera-devel] [PATCH 2/3] libcamera: ipa_manager: Split common
	code out of createIPA()
X-BeenThere: libcamera-devel@lists.libcamera.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <libcamera-devel.lists.libcamera.org>
List-Unsubscribe: <https://lists.libcamera.org/options/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>
List-Archive: <https://lists.libcamera.org/pipermail/libcamera-devel/>
List-Post: <mailto:libcamera-devel@lists.libcamera.org>
List-Help: <mailto:libcamera-devel-request@lists.libcamera.org?subject=help>
List-Subscribe: <https://lists.libcamera.org/listinfo/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>
Errors-To: libcamera-devel-bounces@lists.libcamera.org
Sender: "libcamera-devel" <libcamera-devel-bounces@lists.libcamera.org>

The createIPA() template function starts with code that doesn't depend
on the template parameters. Split it to a non-template function to avoid
code duplication in the binary.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Reviewed-by: Paul Elder <paul.elder@ideasonboard.com>
---
 include/libcamera/internal/ipa_manager.h | 13 ++++---------
 src/libcamera/ipa_manager.cpp            | 17 +++++++++++++++++
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/include/libcamera/internal/ipa_manager.h b/include/libcamera/internal/ipa_manager.h
index 42201839901b..0687842e5c06 100644
--- a/include/libcamera/internal/ipa_manager.h
+++ b/include/libcamera/internal/ipa_manager.h
@@ -34,15 +34,7 @@ public:
 					    uint32_t minVersion,
 					    uint32_t maxVersion)
 	{
-		IPAModule *m = nullptr;
-
-		for (IPAModule *module : self_->modules_) {
-			if (module->match(pipe, minVersion, maxVersion)) {
-				m = module;
-				break;
-			}
-		}
-
+		IPAModule *m = self_->module(pipe, minVersion, maxVersion);
 		if (!m)
 			return nullptr;
 
@@ -62,6 +54,9 @@ private:
 		      std::vector<std::string> &files);
 	unsigned int addDir(const char *libDir, unsigned int maxDepth = 0);
 
+	IPAModule *module(PipelineHandler *pipe, uint32_t minVersion,
+			  uint32_t maxVersion);
+
 	bool isSignatureValid(IPAModule *ipa) const;
 
 	std::vector<IPAModule *> modules_;
diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp
index b4606c6159e5..9533c8fadea6 100644
--- a/src/libcamera/ipa_manager.cpp
+++ b/src/libcamera/ipa_manager.cpp
@@ -245,6 +245,23 @@ unsigned int IPAManager::addDir(const char *libDir, unsigned int maxDepth)
 	return count;
 }
 
+/**
+ * \brief Retrieve and IPA module that matches a given pipeline handler
+ * \param[in] pipe The pipeline handler
+ * \param[in] minVersion Minimum acceptable version of IPA module
+ * \param[in] maxVersion Maximum acceptable version of IPA module
+ */
+IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion,
+			      uint32_t maxVersion)
+{
+	for (IPAModule *module : modules_) {
+		if (module->match(pipe, minVersion, maxVersion))
+			return module;
+	}
+
+	return nullptr;
+}
+
 /**
  * \fn IPAManager::createIPA()
  * \brief Create an IPA proxy that matches a given pipeline handler

From patchwork Sun Jul 11 23:15:47 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
X-Patchwork-Id: 12900
Return-Path: <libcamera-devel-bounces@lists.libcamera.org>
X-Original-To: parsemail@patchwork.libcamera.org
Delivered-To: parsemail@patchwork.libcamera.org
Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com
	[92.243.16.209])
	by patchwork.libcamera.org (Postfix) with ESMTPS id C35E7C3226
	for <parsemail@patchwork.libcamera.org>;
	Sun, 11 Jul 2021 23:16:40 +0000 (UTC)
Received: from lancelot.ideasonboard.com (localhost [IPv6:::1])
	by lancelot.ideasonboard.com (Postfix) with ESMTP id A0CA468528;
	Mon, 12 Jul 2021 01:16:39 +0200 (CEST)
Authentication-Results: lancelot.ideasonboard.com;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=ideasonboard.com header.i=@ideasonboard.com
	header.b="Slw09HFW"; dkim-atps=neutral
Received: from perceval.ideasonboard.com (perceval.ideasonboard.com
	[IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647])
	by lancelot.ideasonboard.com (Postfix) with ESMTPS id 50E6268521
	for <libcamera-devel@lists.libcamera.org>;
	Mon, 12 Jul 2021 01:16:38 +0200 (CEST)
Received: from pendragon.lan (62-78-145-57.bb.dnainternet.fi [62.78.145.57])
	by perceval.ideasonboard.com (Postfix) with ESMTPSA id E649A255
	for <libcamera-devel@lists.libcamera.org>;
	Mon, 12 Jul 2021 01:16:37 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;
	s=mail; t=1626045398;
	bh=LztnX5GgerYCOmJNK7HP5SePQGeH+AQAyyjA8SX5j8U=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=Slw09HFWnB2zu83u+fPB6feiuRmXtJ778Q2PrvEPYGqoDGhBKfRmuEVup6UPnjBJ8
	f4tIIhpZ6kKQ0UNhU+KbgdxxKxMs95AY69OTbxnual0h5cnSRymKzL26VeM6EY1AWP
	MPor1jzyJnLa2g80GC02EFIfJyt5qoecO/Sd175M=
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
To: libcamera-devel@lists.libcamera.org
Date: Mon, 12 Jul 2021 02:15:47 +0300
Message-Id: <20210711231547.19664-4-laurent.pinchart@ideasonboard.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210711231547.19664-1-laurent.pinchart@ideasonboard.com>
References: <20210711231547.19664-1-laurent.pinchart@ideasonboard.com>
MIME-Version: 1.0
Subject: [libcamera-devel] [PATCH 3/3] libcamera: ipa_manager: Allow forcing
	IPA module isolation
X-BeenThere: libcamera-devel@lists.libcamera.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <libcamera-devel.lists.libcamera.org>
List-Unsubscribe: <https://lists.libcamera.org/options/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>
List-Archive: <https://lists.libcamera.org/pipermail/libcamera-devel/>
List-Post: <mailto:libcamera-devel@lists.libcamera.org>
List-Help: <mailto:libcamera-devel-request@lists.libcamera.org?subject=help>
List-Subscribe: <https://lists.libcamera.org/listinfo/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>
Errors-To: libcamera-devel-bounces@lists.libcamera.org
Sender: "libcamera-devel" <libcamera-devel-bounces@lists.libcamera.org>

For test purpose it's useful to run open-source IPA modules in
isolation. This can already be done by deleting the corresponding
signature file, but that method can be inconvenient. Add a way to force
IPA module isolation through a new LIBCAMERA_IPA_FORCE_ISOLATION
environment variable.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Reviewed-by: Paul Elder <paul.elder@ideasonboard.com>
---
 Documentation/environment_variables.rst | 5 +++++
 src/libcamera/ipa_manager.cpp           | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/Documentation/environment_variables.rst b/Documentation/environment_variables.rst
index d392fd26b87a..1e85befd538a 100644
--- a/Documentation/environment_variables.rst
+++ b/Documentation/environment_variables.rst
@@ -24,6 +24,11 @@ LIBCAMERA_IPA_CONFIG_PATH
 
    Example value: ``${HOME}/.libcamera/share/ipa:/opt/libcamera/vendor/share/ipa``
 
+LIBCAMERA_IPA_FORCE_ISOLATION
+   When set to a non-empty string, force process isolation of all IPA modules.
+
+   Example value: ``1``
+
 LIBCAMERA_IPA_MODULE_PATH
    Define custom search locations for IPA modules (`more <IPA module_>`__).
 
diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp
index 9533c8fadea6..028b2ce21779 100644
--- a/src/libcamera/ipa_manager.cpp
+++ b/src/libcamera/ipa_manager.cpp
@@ -276,6 +276,14 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion,
 bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const
 {
 #if HAVE_IPA_PUBKEY
+	char *force = utils::secure_getenv("LIBCAMERA_IPA_FORCE_ISOLATION");
+	if (force && force[0] != '\0') {
+		LOG(IPAManager, Debug)
+			<< "Isolation of IPA module " << ipa->path()
+			<< " forced through environment variable";
+		return false;
+	}
+
 	File file{ ipa->path() };
 	if (!file.open(File::ReadOnly))
 		return false;