From patchwork Mon Sep 16 10:37:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Celine Laurencin X-Patchwork-Id: 21288 Return-Path: X-Original-To: parsemail@patchwork.libcamera.org Delivered-To: parsemail@patchwork.libcamera.org Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com [92.243.16.209]) by patchwork.libcamera.org (Postfix) with ESMTPS id 49DBBC3257 for ; Wed, 18 Sep 2024 06:58:24 +0000 (UTC) Received: from lancelot.ideasonboard.com (localhost [IPv6:::1]) by lancelot.ideasonboard.com (Postfix) with ESMTP id BB6A7634F9; Wed, 18 Sep 2024 08:58:22 +0200 (CEST) Authentication-Results: lancelot.ideasonboard.com; dkim=pass (2048-bit key; unprotected) header.d=nxp.com header.i=@nxp.com header.b="WiD8fYRR"; dkim-atps=neutral Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170110001.outbound.protection.outlook.com [IPv6:2a01:111:f403:c200::1]) by lancelot.ideasonboard.com (Postfix) with ESMTPS id 0C128634EB for ; Mon, 16 Sep 2024 12:37:34 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=XrCJ5XYeDBRb+KNVmPj1nJiTYVYcjAjm46EBwOSyJrbgOLVZp8kCBolw0KL95M0t6Ohm6JLYfngRfjXubdH7mSToTu9fWPckTZNSxRejwvEibwJOYBJz0CcUh48wnrmeBeyYU7X6dZReKVjuucqjjMr+g+Jr2wmXV1NcQLx4uU6IKKz+F6cX9JHZcSAyU48j1vyderRq5it+uGz4bFdvKwAuEkCfU24cSKsuec1jpZ865SsN8p+jUkyfCXE86E2WvhlWnmBDlFrk6xsd3NVS60KpsmgIcNr6fbtxoNWoJCKrYSob8TONU4zEvP0+lYfGO5BoQsWkzPXdZYYHGBvBkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5yW31mrhzY2Zxw1cLrdWoHObvso347zHtd0Ig1oK+OE=; b=KIRXtdtlcw8I8onV1YDoLa3u2NJTu3TQ1bbmc/gL3Mj1UCkw09TYERTBqYB6bXoZLJY91tVqG8tU1ruT2dQU9Fyf++m2lgdZF9CzpW9IyPB03QfV3xHdmrWIedwfiVbn1A2+8xvm34efLaTk2/I1vjoGyJrzj+XW4MCh+Eck6XxzFMhIe2YNgDfmCIkPEe0IXhH5JY8YQw5UrQq5I7LGn/TWyVG7Yhhd3OVF57AfdkuK1QmSKBeDLoyRWuZoU1YRhpAIu3uPF2Wupad7coxtiSzXEYfPIGM3JgbHp+2YC9VK+YJcIBmuYJX2Zy8+QdPNQtgKprVKaQyjLhexjHPF2g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5yW31mrhzY2Zxw1cLrdWoHObvso347zHtd0Ig1oK+OE=; b=WiD8fYRRlI/+MTk4DJDWk5z8CZxPV/tpgBWgPwyKGQ5KZpl64XdrUYV8gmIpJhSmlGjWn8yWcRuocO93kIdqRszmQDhCsFDzIEMTGz0VmOy4UU+VyHpOe7IxlVbAI23Mkdr7siGbsoqSIG8CW903Y9k4JYvhhxnmeLdkFL5lsgXo/ONN6kbCMJDtuiM9ttRKXBs7VOvuHBW6DSe3QdX1k9DrsueXZDPxtaXzQhEMwFAS6acUwhr5oEF9hzOGa6UUZcV/ZyIXc5wBmspdM+zGU0z+5fwHq/puEe48foOvmTwXXEAnp/d5Zew1URFhv6IqQjGBriQOIfLIttGOk9yncw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nxp.com; Received: from AS8PR04MB9094.eurprd04.prod.outlook.com (2603:10a6:20b:445::22) by AM8PR04MB7890.eurprd04.prod.outlook.com (2603:10a6:20b:24e::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7962.23; Mon, 16 Sep 2024 10:37:32 +0000 Received: from AS8PR04MB9094.eurprd04.prod.outlook.com ([fe80::b9cf:567c:515d:f1de]) by AS8PR04MB9094.eurprd04.prod.outlook.com ([fe80::b9cf:567c:515d:f1de%4]) with mapi id 15.20.7962.022; Mon, 16 Sep 2024 10:37:32 +0000 From: Celine Laurencin To: libcamera-devel@lists.libcamera.org, julien.vuillaumier@nxp.com, gilles.talis@nxp.com Cc: Celine Laurencin Subject: [PATCH] libcamera: ipa_manager: Allow disabling IPA module isolation Date: Mon, 16 Sep 2024 12:37:22 +0200 Message-Id: <20240916103722.29880-1-celine.laurencin@nxp.com> X-Mailer: git-send-email 2.25.1 X-ClientProxiedBy: SJ0PR13CA0211.namprd13.prod.outlook.com (2603:10b6:a03:2c1::6) To AS8PR04MB9094.eurprd04.prod.outlook.com (2603:10a6:20b:445::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR04MB9094:EE_|AM8PR04MB7890:EE_ X-MS-Office365-Filtering-Correlation-Id: e796a73c-a6ed-4258-7016-08dcd63b921d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|366016|52116014|376014|1800799024|38350700014; X-Microsoft-Antispam-Message-Info: UFkcD1tk1dcz+ZnvOiRyBGAsfRWgfk+BshaPR0HetzeXC9Yh+EW5n2AEgu94jQAw44PsHS4+ngt/hLMYA+/CRdrg1WVF50lx8KxRA8pTY2x7dSdVhK3eoRQ8zPWUQ/MKjbE1Fgj+r9FUGRCFh7D4w7ZkBzkMSYQ81ujIBPXjAEfZgRQzMbOS+wyvhxJfaGvUuajvqm2soAb02uNF7YXQPvcRQHZVCjFDqkVd//CqGz3ahD308+qTYq1wqoGd3VHaXbdVINOMc1gETMt1gF9hz4H/T9uu3revbbBgiHigc6dv6ncKyfTCTxIGD65xiVi1R0a/LUiTYuNtwWiSn7+dEH4b7MHvV81X8UlLSfKy1efJh+IOpbME3aC5OSK0AoXLbP1nOqrTytfDfacXaP2cnv7cUCj7OJgVZLn2eX/IEv/n/i9CjMPOgSCgDvvA1N49u+3XcIgOYSW4FzHmjbuT1h2BxxAjcx8lgVTNWatt8ka5a5aK1nMIl/oYONBfgHi4ug5/2kUQj8hBzDX/UkHvI3a7uUEfnQWxasX/sx+h840RRPZKaa4amZNmFHhSjtdBDmkneKVych4Fq78mFuOA9r8KI4bNADPogvLEs99S75Y3X7H0xD05W7ZjLwOYZinQ0Det0ZGkZDYTJOpxw66nFzwkbLWf29bCd4sSC4N17xPoGx6FMVSQx/INSMeQipaBt1F6KseLOa8jYFTzmxeCn3O89rXbGjWp3sbTDn0ZtAR3lTryYwZqHweHU/ot3javKBqWhr1KgfMSPAg7eDMh1E2nm6BAntB5o47SNdegzRH5UE30PCFrDR5LEmwf12dSnyFhPni7HIphMr68qRyeoNqXeiP6IWGEVd7MUk+Ay3Gn0qXNMf3Q71RqOFQ6yzwYIXxWahJHDEve9HjJXcwElw7hauKBkjwm0ZMh9Y3g+mwMfLozEmYlr05QCTAJJ2J4VngE9WVIOUqudZMLwzCmXuEgemmN1f09FbZbVevdHMwe8bi8p3Zb81nplf0CoseETn4iJhkaF96iilu4RcIpx06MEtmFq+dmWc1gl8ojHXc+NXT1nYMJyoxmnT8ivaPhts5wPR+eFALWV0501G+XqYjVp2zgvEP007MC5O6lrvddb6r5zvHGJbREBNbdfjsZMCVWjddXnHC1RFsKo7iJAYE0ZyEtZJQ/ksvkqkdGVUW7qd5+OvvpvN6uGVIkF4rDCbTwZutK/wMOg7s6SxPtrNYLhdJM7du+ApNnKJsOL72Y3+Ymk2kw4Nf/igS8f6YRzL/Rcv1mRyd2aVYmQU1lTR1lyMQy2py4hdKeqwolqV/e8rMrXOlTA9ttQm+MM757cEN9AfUmorb8iI8LQTEQV79jhKUbWHZ8GPgLZy7VeSYA6NuAgtRac0jp1byORnCIepta7Rdj3z4gQA/WEGGNCg== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AS8PR04MB9094.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(366016)(52116014)(376014)(1800799024)(38350700014); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 358L7RiRRLvmdf4M4o5UGHnPVtX5vls4SGn5jecXIw2iQfIKy0mNYffVoLxY7uL2PzQ39VVHCZblutl7hvJyKJBOyG6MBG9G7mNXzMN2gdeaiESYVduoR/SCjo3uuZr0nv7SEAkw/tapnqJMvU8Nh+X5OevJCT6b4chU6S16LSAVqMlucGT0gciQOeUeLtSb9FXq0xdnca6an3m/8hAEbTDOG535UszIM3oTeutOKASFtrVlIcUMO55JY3SPYxloqhwtTb4OFYkl89RWv/r67cfudyjDbwo2T7LTZ9lrmSDR3qsp9hS/c9njhxcrW8ukB+ez159JW0yk2K3yziNsUeSeE+mCZUXcDgBd6eQuCNVSeMQHHgqF4WvWtF5D2BtWquBebsFym5jesaodlaARJuBjoHeLcPM+BGGuQPpcf3qzfzKexQqdec43IX/Xw4ltdH0qAxzlMKAWfpZ9fyFzfxQ6C+b5L3xHHr28EKRVZ/yYRJ43MYSsE1WvxBhvi9cnZ/+3ps6XC4X7njQzT7flfM9BRX6coYZCq2GtCkQzxw6PUujwhegjqDhHMxQNewtd0e/fGqYINEjQ/1ihBOFv62zTWXhtx1X0YZN2gU0RPgklxgoeULhjnqSv9x+YbxvUL1fegQYS4295YBOvktT7KA0P0TragAGlUwUOcdlhic2s/RMcyAH0mmbhGLHbxCdq3W9nbJdBby+pzmtiU9NrMXuH0pkYcjeoefUvb/UpRp/Zlcj2tOrHVKfP6yL86+ZsQ7rlZZdW4cz3D/d51+2W75i+R4MXGcWariU+lzMNZd+KM51+0ElKifQEhVh0oJ+PMg2Yma4jihKE+/mroH+wzOi9OV+JSvJGPsZG1T5XmdAPwhStFkLdL2zCIc1T9dQ0D7QHEvHuzxWqrfz/7XLa1TcLdk1SmECzMaURQH6q0OO+D7bDjj9P3icJ3kOzkyXxRQK8Xyfyfl1F62rw6YJw9QTn4Mx+sMX90U+o3jYJm/JP5RQ3l8ZQvwrYayen0xREpN7wLy3V8lCiiNvCaxoaq6vrTIl3HQtBPb21M1lME8sjnB8eNLm21cYD8JZ5l8uz0ilwkbCEl/Hins92/1oDKPxOlJCs5dkDiMtpQokVo6Q9sAAvGHY7hPuAUOPqHUOhe9CSC8cZtocFeDgVsDe96u2scxXcX1s0tamlm91SiCwU1QoUZOchWegLw7vgz8S+fIQ0xAUr9aGiZf+EFLdQtwLy2OLZBOiIzKrWJwe5/bgjte06XNT2UVOD3xSI/8nNlbtKv1yR9o89gjH2jn53jzLFVFX9WjbGVKU97wdaDDf+mWEFUnaP1UyL5CTeDRwLZGhWjsn051XCfCv1z10jFLq6uqFFil34U+fMbzX6iIu7LgIMnozdiuo8vxmidZT78X/sVfTM4tgZfPiVpB64q+xiVjAHushNMwUfzpd3VKyWsI0jbiZ2R3KNjh9fTuhYvtpekX7AvkpEmOO6O9NOosxt+7G6FyNGfubtsJo47Ix9THJ2YBJu8WJuqyXl9qsuzjbv49S5DeqbyNJn3dxT4qvqwKxZycgNaztFBRY6YyH6Y9I+Ci/9uyKYJ73QFW7R5B8BobG46cuI56pozg9ecQ== X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: e796a73c-a6ed-4258-7016-08dcd63b921d X-MS-Exchange-CrossTenant-AuthSource: AS8PR04MB9094.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Sep 2024 10:37:32.5518 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: l49Mj6S4PkHrP46RlmUln02xqJomx+Mh150/uqXpr+dIZULCEdCPfT5b9pr3UcWo4vVE4RfPBL/5TgVq0QzAogTXRAby0b7wRR/45Jckw+k= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR04MB7890 X-Mailman-Approved-At: Wed, 18 Sep 2024 08:58:21 +0200 X-BeenThere: libcamera-devel@lists.libcamera.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libcamera-devel-bounces@lists.libcamera.org Sender: "libcamera-devel" For testing purposes with non-signed IPA, it can be useful to run IPA in non-isolated mode to share the libcamera privilege. Add a way to disable IPA module isolation through a new LIBCAMERA_IPA_DISABLE_ISOLATION environment variable. If isolation is disabled with LIBCAMERA_IPA_DISABLE_ISOLATION, all IPA modules run in non-isolated mode and the environment variable LIBCAMERA_IPA_FORCE_ISOLATION is not considered. Signed-off-by: Celine Laurencin --- Documentation/environment_variables.rst | 7 +++++++ src/libcamera/ipa_manager.cpp | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/Documentation/environment_variables.rst b/Documentation/environment_variables.rst index 4e9fbb27..013acaf8 100644 --- a/Documentation/environment_variables.rst +++ b/Documentation/environment_variables.rst @@ -32,6 +32,13 @@ LIBCAMERA_IPA_FORCE_ISOLATION Example value: ``1`` +LIBCAMERA_IPA_DISABLE_ISOLATION + When set to a non-empty string, disable process isolation of all IPA modules. + If isolation is disabled, all IPA modules run in non-isolated mode and + the environment variable LIBCAMERA_IPA_FORCE_ISOLATION is not taking effect. + + Example value: ``1`` + LIBCAMERA_IPA_MODULE_PATH Define custom search locations for IPA modules (`more `__). diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp index f4e0b633..f606c74c 100644 --- a/src/libcamera/ipa_manager.cpp +++ b/src/libcamera/ipa_manager.cpp @@ -295,6 +295,14 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion, bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const { #if HAVE_IPA_PUBKEY + char *disableIsolation = utils::secure_getenv("LIBCAMERA_IPA_DISABLE_ISOLATION"); + if (disableIsolation && disableIsolation[0] != '\0') { + LOG(IPAManager, Debug) + << "Isolation of IPA module " << ipa->path() + << " disabled through environment variable"; + return true; + } + char *force = utils::secure_getenv("LIBCAMERA_IPA_FORCE_ISOLATION"); if (force && force[0] != '\0') { LOG(IPAManager, Debug)