Issue 1502233004: Enable Control Flow Integrity for the official Linux Chrome.

Issue 1502233004: Enable Control Flow Integrity for the official Linux Chrome. (Closed)

Created:
5 years ago by krasin

Modified:
5 years ago

Reviewers:
Lei Zhang, Nico

CC:
chromium-reviews, grt+watch_chromium.org, Michael Moss, wfh+watch_chromium.org, kcc, pcc

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Enable Control Flow Integrity for the official Linux Chrome. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ This is a fourth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ The last time it failed, it was https://crbug.com/567637 (mismatched deps expectations for the installer). Fixing the expectations. Committed: https://crrev.com/64719eadd90a3131a744baa89a1183bdcb1e2375 Cr-Commit-Position: refs/heads/master@{#363895}

Patch Set 1 #

Total comments: 2

Created: 5 years ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+15 lines, -5 lines)			Patch
M	build/common.gypi	View	1 chunk	+7 lines, -0 lines	2 comments	Download
M	build/config/sanitizers/sanitizers.gni	View	3 chunks	+7 lines, -4 lines	0 comments	Download
M	chrome/installer/linux/debian/expected_deps_x64	View	1 chunk	+1 line, -1 line	0 comments	Download

Messages

Total messages: 22 (9 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1502233004/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1502233004/1

5 years ago (2015-12-08 20:57:19 UTC) #9

pcc1

https://codereview.chromium.org/1502233004/diff/1/build/common.gypi File build/common.gypi (right): https://codereview.chromium.org/1502233004/diff/1/build/common.gypi#newcode852 build/common.gypi:852: # downloaded. See src/tools/clang/scripts/update.sh FYI, update.sh is no more. ...

5 years ago (2015-12-08 21:03:01 UTC) #11

krasin

5 years ago (2015-12-08 21:08:16 UTC) #14

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1502233004/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1502233004/1

5 years ago (2015-12-08 23:18:01 UTC) #18

commit-bot: I haz the power

Patchset 1 (id:??) landed as https://crrev.com/64719eadd90a3131a744baa89a1183bdcb1e2375 Cr-Commit-Position: refs/heads/master@{#363895}

5 years ago (2015-12-09 01:55:13 UTC) #21

Nico

5 years ago (2015-12-09 15:25:08 UTC) #22

Message was sent while issue was closed.

A revert of this CL (patchset #1 id:1) has been created in
https://codereview.chromium.org/1517443002/ by thakis@chromium.org.

The reason for reverting is: Broken at clang trunk (http://crbug.com/568121).

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages