Enable Control Flow Integrity for the official Linux Chrome.

Enable Control Flow Integrity for the official Linux Chrome.

This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
http://clang.llvm.org/docs/ControlFlowIntegrity.html

This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
and should not be an issue.

BUG=chromium:464797
Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ

This is a third attempt to land the CL. Previous attempts:
https://codereview.chromium.org/1501593003/
https://codereview.chromium.org/1393283005/

All issues discovered by the previous attempt are resolved at this point.

Committed: https://crrev.com/2e8ed4750b26923558b4754de4fd7f4cae3399e8
Cr-Commit-Position: refs/heads/master@{#363677}

[krasin, 2015-12-07 21:26:46]

krasin@google.com changed reviewers:
+ thakis@chromium.org

[krasin, 2015-12-07 21:26:47]

Hi Nico,

our awesome infra team has increased the amount of RAM on the buildbot that
timed out in the last attempt (see https://crbug.com/567258).

I would like to submit the CL again and wait for the smoke. There still could be
some buildbots which are not large enough to build Chrome with LTO, but they are
not apparent right now.

[Nico, 2015-12-07 21:27:44]

lgtm

[krasin, 2015-12-07 21:29:55]

The CQ bit was checked by krasin@google.com to run a CQ dry run

[commit-bot: I haz the power, 2015-12-07 21:31:30]

Dry run: CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1502373003/1
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1502373003/1

[commit-bot: I haz the power, 2015-12-08 00:41:35]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2015-12-08 00:41:35]

Dry run: This issue passed the CQ dry run.

[krasin, 2015-12-08 00:44:04]

The CQ bit was checked by krasin@google.com

[commit-bot: I haz the power, 2015-12-08 00:47:37]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1502373003/1
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1502373003/1

[commit-bot: I haz the power, 2015-12-08 01:20:12]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2015-12-08 01:21:48]

Description was changed from

==========
Enable Control Flow Integrity for the official Linux Chrome.

This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i...
http://clang.llvm.org/docs/ControlFlowIntegrity.html

This feature enables LTO (Link-Time Optimization) builds, which slow down the
linker by 3x-4x.
CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is
less than 1%,
and should not be an issue.

BUG=chromium:464797
Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2...

This is a third attempt to land the CL. Previous attempts:
https://codereview.chromium.org/1501593003/
https://codereview.chromium.org/1393283005/

All issues discovered by the previous attempt are resolved at this point.
==========

to

==========
Enable Control Flow Integrity for the official Linux Chrome.

This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i...
http://clang.llvm.org/docs/ControlFlowIntegrity.html

This feature enables LTO (Link-Time Optimization) builds, which slow down the
linker by 3x-4x.
CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is
less than 1%,
and should not be an issue.

BUG=chromium:464797
Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2...

This is a third attempt to land the CL. Previous attempts:
https://codereview.chromium.org/1501593003/
https://codereview.chromium.org/1393283005/

All issues discovered by the previous attempt are resolved at this point.

Committed: https://crrev.com/2e8ed4750b26923558b4754de4fd7f4cae3399e8
Cr-Commit-Position: refs/heads/master@{#363677}
==========

[commit-bot: I haz the power, 2015-12-08 01:21:48]

Patchset 1 (id:??) landed as
https://crrev.com/2e8ed4750b26923558b4754de4fd7f4cae3399e8
Cr-Commit-Position: refs/heads/master@{#363677}

[Mike West, 2015-12-08 09:53:05]

A revert of this CL (patchset #1 id:1) has been created in
https://codereview.chromium.org/1502133004/ by mkwst@chromium.org.

The reason for reverting is: Speculative revert to see if this resolves
dependency issues on the official builder.

"""
Huh! It appears that dpkg-shlibdeps (http://man.he.net/man1/dpkg-shlibdeps)
takes a look at the undefined symbols in the binary, looks at their version and
generates the requirement, like "libdbus-1-3 (>= 1.2.14)". If some code was
eliminated due to full-program optimization, the number of undefined symbols
could reduce, and the requirement could become weaker, like "libdbus-1-3 (>=
1.1.4)".
"""

BUG=567637.

[krasin, 2015-12-08 19:29:54]

krasin@google.com changed reviewers:
+ gab@chromium.org

[krasin, 2015-12-08 19:30:41]

Description was changed from

==========
Enable Control Flow Integrity for the official Linux Chrome.

This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i...
http://clang.llvm.org/docs/ControlFlowIntegrity.html

This feature enables LTO (Link-Time Optimization) builds, which slow down the
linker by 3x-4x.
CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is
less than 1%,
and should not be an issue.

BUG=chromium:464797
Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2...

This is a third attempt to land the CL. Previous attempts:
https://codereview.chromium.org/1501593003/
https://codereview.chromium.org/1393283005/

All issues discovered by the previous attempt are resolved at this point.

Committed: https://crrev.com/2e8ed4750b26923558b4754de4fd7f4cae3399e8
Cr-Commit-Position: refs/heads/master@{#363677}
==========

to

==========
Enable Control Flow Integrity for the official Linux Chrome.

This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i...
http://clang.llvm.org/docs/ControlFlowIntegrity.html

This feature enables LTO (Link-Time Optimization) builds, which slow down the
linker by 3x-4x.
CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is
less than 1%,
and should not be an issue.

BUG=chromium:464797
Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2...

This is a third attempt to land the CL. Previous attempts:
https://codereview.chromium.org/1501593003/
https://codereview.chromium.org/1393283005/

All issues discovered by the previous attempt are resolved at this point.

Committed: https://crrev.com/2e8ed4750b26923558b4754de4fd7f4cae3399e8
Cr-Commit-Position: refs/heads/master@{#363677}
==========

[krasin, 2015-12-08 19:30:41]

krasin@google.com changed reviewers:
- gab@chromium.org