Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
1513623004:
Enable Control Flow Integrity for the official Linux Chrome. (Closed)
|
Created:
5 years ago by krasin Modified:
5 years ago CC:
chromium-reviews, yunlian, eugenis+clang_chromium.org, glider+clang_chromium.org, dmikurube+clang_chromium.org, ukai+watch_chromium.org, kcc, pcc Base URL:
https://chromium.googlesource.com/chromium/src.git@master Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionEnable Control Flow Integrity for the official Linux Chrome.
This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
http://clang.llvm.org/docs/ControlFlowIntegrity.html
This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
and should not be an issue.
BUG=chromium:464797
Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ
This is a fifth attempt to land the CL. Previous attempts:
https://codereview.chromium.org/1502373003/
https://codereview.chromium.org/1501593003/
https://codereview.chromium.org/1393283005/
https://codereview.chromium.org/1502233004/
The last time it failed, it was primarily due to the new Clang roll,
that had a bug in the linker. This is now fixed upstream and
the new Clang roll happened: https://crbug.com/568248
Perf bots were purple and got a RAM upgrade: https://crbug.com/567787
precice64 official buildbot got OOM due to too many Gold instances
running in parallel: https://crbug.com/568011, a more conservative
limit was submitted: https://codereview.chromium.org/1509733004/
TBR=thestig@chromium.org
Committed: https://crrev.com/efe55ae0c0f26165d71d540ac319ccc9bc569cb3
Cr-Commit-Position: refs/heads/master@{#365117}
Patch Set 1 #Patch Set 2 : remove py #Patch Set 3 : . #
Messages
Total messages: 35 (16 generated)
krasin@google.com changed reviewers: + thakis@chromium.org
Hi Nico, sending the launch CL early on. I will submit it when / if the new toolchain is rolled in.
Note to myself: update.py change is accidental and must be reverted.
lgtm with update.py change reverted (the cl won't land with that anyhow since that line will give you a merge conflict)
The CQ bit was checked by krasin@google.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1513623004/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1513623004/20001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by krasin@google.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1513623004/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1513623004/40001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by krasin@google.com
The patchset sent to the CQ was uploaded after l-g-t-m from thakis@chromium.org Link to the patchset: https://codereview.chromium.org/1513623004/#ps40001 (title: ".")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1513623004/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1513623004/40001
krasin@google.com changed reviewers: + thestig@chromium.org
Lei, please, approve the deps change. This is the same CL as https://codereview.chromium.org/1502233004/, re-landing it here.
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: chromium_presubmit on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...)
krasin@google.com changed reviewers: + phajdan.jr@chromium.org
Please, approve the deps part of the CL. FYI: I've fixed the official buildbots which had issues with the deps: https://crbug.com/568905 and https://crbug.com/569265
On 2015/12/14 21:19:07, krasin wrote: > Please, approve the deps part of the CL. > > FYI: I've fixed the official buildbots which had issues with the deps: > https://crbug.com/568905 and https://crbug.com/569265 I am about to submit this as TBR for chrome/installer/linux/debian/expected_deps_x64 as the change there is trivial, and I need to submit it now to have time to revert the CL is something goes wrong before the next Canary build is started.
Description was changed from ========== Enable Control Flow Integrity for the official Linux Chrome. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i... http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2... This is a fifth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ https://codereview.chromium.org/1502233004/ The last time it failed, it was primarily due to the new Clang roll, that had a bug in the linker. This is now fixed upstream and the new Clang roll happened: https://crbug.com/568248 Perf bots were purple and got a RAM upgrade: https://crbug.com/567787 precice64 official buildbot got OOM due to too many Gold instances running in parallel: https://crbug.com/568011, a more conservative limit was submitted: https://codereview.chromium.org/1509733004/ ========== to ========== Enable Control Flow Integrity for the official Linux Chrome. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i... http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2... This is a fifth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ https://codereview.chromium.org/1502233004/ The last time it failed, it was primarily due to the new Clang roll, that had a bug in the linker. This is now fixed upstream and the new Clang roll happened: https://crbug.com/568248 Perf bots were purple and got a RAM upgrade: https://crbug.com/567787 precice64 official buildbot got OOM due to too many Gold instances running in parallel: https://crbug.com/568011, a more conservative limit was submitted: https://codereview.chromium.org/1509733004/ TBR=thestig@chromium.org ==========
The CQ bit was checked by krasin@google.com
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1513623004/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1513623004/40001
lgtm
thank you! On Mon, Dec 14, 2015 at 1:57 PM, <thestig@chromium.org> wrote: > lgtm > > https://codereview.chromium.org/1513623004/ > -- You received this message because you are subscribed to the Google Groups "Chromium-reviews" group. To unsubscribe from this group and stop receiving emails from it, send an email to chromium-reviews+unsubscribe@chromium.org.
The CQ bit was unchecked by krasin@google.com
The CQ bit was checked by krasin@google.com
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1513623004/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1513623004/40001
Message was sent while issue was closed.
Description was changed from ========== Enable Control Flow Integrity for the official Linux Chrome. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i... http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2... This is a fifth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ https://codereview.chromium.org/1502233004/ The last time it failed, it was primarily due to the new Clang roll, that had a bug in the linker. This is now fixed upstream and the new Clang roll happened: https://crbug.com/568248 Perf bots were purple and got a RAM upgrade: https://crbug.com/567787 precice64 official buildbot got OOM due to too many Gold instances running in parallel: https://crbug.com/568011, a more conservative limit was submitted: https://codereview.chromium.org/1509733004/ TBR=thestig@chromium.org ========== to ========== Enable Control Flow Integrity for the official Linux Chrome. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i... http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2... This is a fifth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ https://codereview.chromium.org/1502233004/ The last time it failed, it was primarily due to the new Clang roll, that had a bug in the linker. This is now fixed upstream and the new Clang roll happened: https://crbug.com/568248 Perf bots were purple and got a RAM upgrade: https://crbug.com/567787 precice64 official buildbot got OOM due to too many Gold instances running in parallel: https://crbug.com/568011, a more conservative limit was submitted: https://codereview.chromium.org/1509733004/ TBR=thestig@chromium.org ==========
Message was sent while issue was closed.
Committed patchset #3 (id:40001)
Message was sent while issue was closed.
Description was changed from ========== Enable Control Flow Integrity for the official Linux Chrome. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i... http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2... This is a fifth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ https://codereview.chromium.org/1502233004/ The last time it failed, it was primarily due to the new Clang roll, that had a bug in the linker. This is now fixed upstream and the new Clang roll happened: https://crbug.com/568248 Perf bots were purple and got a RAM upgrade: https://crbug.com/567787 precice64 official buildbot got OOM due to too many Gold instances running in parallel: https://crbug.com/568011, a more conservative limit was submitted: https://codereview.chromium.org/1509733004/ TBR=thestig@chromium.org ========== to ========== Enable Control Flow Integrity for the official Linux Chrome. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i... http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2... This is a fifth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ https://codereview.chromium.org/1502233004/ The last time it failed, it was primarily due to the new Clang roll, that had a bug in the linker. This is now fixed upstream and the new Clang roll happened: https://crbug.com/568248 Perf bots were purple and got a RAM upgrade: https://crbug.com/567787 precice64 official buildbot got OOM due to too many Gold instances running in parallel: https://crbug.com/568011, a more conservative limit was submitted: https://codereview.chromium.org/1509733004/ TBR=thestig@chromium.org Committed: https://crrev.com/efe55ae0c0f26165d71d540ac319ccc9bc569cb3 Cr-Commit-Position: refs/heads/master@{#365117} ==========
Message was sent while issue was closed.
Patchset 3 (id:??) landed as https://crrev.com/efe55ae0c0f26165d71d540ac319ccc9bc569cb3 Cr-Commit-Position: refs/heads/master@{#365117}
Message was sent while issue was closed.
A revert of this CL (patchset #3 id:40001) has been created in https://codereview.chromium.org/1530553002/ by krasin@google.com. The reason for reverting is: Link time for the official Chrome on the perf buildbot is more than 1 hour. Possibly, some regression in LLVM Gold plugin.. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
