Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
1529993002:
Enable Control Flow Integrity for the official Linux Chrome. Try 6. (Closed)
DescriptionEnable Control Flow Integrity for the official Linux Chrome. Try 6.
This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
http://clang.llvm.org/docs/ControlFlowIntegrity.html
This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
and should not be an issue.
BUG=chromium:464797
Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ
This is a sixth attempt to land the CL. Previous attempts:
https://codereview.chromium.org/1502373003/
https://codereview.chromium.org/1501593003/
https://codereview.chromium.org/1393283005/
https://codereview.chromium.org/1502233004/
https://codereview.chromium.org/1513623004/
The last time it failed, it was primarily due to the perf build slaves
being much slower then the local build or other GCE slaves,
see https://crbug.com/569732. This is still under investigation,
and the timeout has been increased in the mean time:
https://codereview.chromium.org/1528533003/
Committed: https://crrev.com/14cb7878cb522ad05480547690ec3990f4bbb156
Cr-Commit-Position: refs/heads/master@{#365486}
Patch Set 1 #
Messages
Total messages: 29 (10 generated)
Description was changed from ========== Enable Control Flow Integrity for the official Linux Chrome. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i... http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2... This is a sixth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ https://codereview.chromium.org/1502233004/ https://codereview.chromium.org/1513623004/ The last time it failed, it was primarily due to the perf build slaves being much slower then the local build or other GCE slaves, see https://crbug.com/569732. This is still under investigation, and the timeout has been increased in the mean time: https://codereview.chromium.org/1528533003/ TBR=thestig@chromium.org ========== to ========== Enable Control Flow Integrity for the official Linux Chrome. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i... http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2... This is a sixth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ https://codereview.chromium.org/1502233004/ https://codereview.chromium.org/1513623004/ The last time it failed, it was primarily due to the perf build slaves being much slower then the local build or other GCE slaves, see https://crbug.com/569732. This is still under investigation, and the timeout has been increased in the mean time: https://codereview.chromium.org/1528533003/ ==========
krasin@google.com changed reviewers: + thakis@chromium.org
krasin@google.com changed reviewers: + pcc@google.com
lgtm
The CQ bit was checked by krasin@google.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1529993002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1529993002/1
On 2015/12/15 21:10:51, Nico wrote: > what about https://code.google.com/p/chromium/issues/detail?id=568905 ? The problem there is that we didn't have a successful Canary build for a while. We had something on Saturday, but it didn't count for some reason. I am in the contact with Test team and the release sheriff for Dev channel. Our agreement is that I won't submit this CL under Dev release happened + at least one Canary build succeeded. These both things are likely to happen today before 10 PM PST. If that happens, I will make this attempt. If this attempt is unsuccessful, I will not make any new attempts before the New Year. And then I will try to launch it while being in the same room as Chrome Troopers and / or Chrome Infra team. All of the issues I encountered could be either avoided or fixed in a very timely manner if appropriate people were immediately available.
FYI: it's a dry run currently running. No real submit is in progress.
ok, if you're waiting until a dev and a canary build have both completed, then lgtm to land this thereafter
On 2015/12/15 21:26:33, Nico wrote: > ok, if you're waiting until a dev and a canary build have both completed, then > lgtm to land this thereafter Thank you!
LGTM I recommend writing "Enable ... Chrome (try N)" in the subject line, so it's more obvious which email thread is for which attempt.
Description was changed from ========== Enable Control Flow Integrity for the official Linux Chrome. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i... http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2... This is a sixth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ https://codereview.chromium.org/1502233004/ https://codereview.chromium.org/1513623004/ The last time it failed, it was primarily due to the perf build slaves being much slower then the local build or other GCE slaves, see https://crbug.com/569732. This is still under investigation, and the timeout has been increased in the mean time: https://codereview.chromium.org/1528533003/ ========== to ========== Enable Control Flow Integrity for the official Linux Chrome. Try 6. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i... http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2... This is a sixth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ https://codereview.chromium.org/1502233004/ https://codereview.chromium.org/1513623004/ The last time it failed, it was primarily due to the perf build slaves being much slower then the local build or other GCE slaves, see https://crbug.com/569732. This is still under investigation, and the timeout has been increased in the mean time: https://codereview.chromium.org/1528533003/ ==========
On 2015/12/15 22:13:04, Lei Zhang wrote: > LGTM > > I recommend writing "Enable ... Chrome (try N)" in the subject line, so it's > more obvious which email thread is for which attempt. Done.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by krasin@google.com
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1529993002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1529993002/1
Message was sent while issue was closed.
Description was changed from ========== Enable Control Flow Integrity for the official Linux Chrome. Try 6. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i... http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2... This is a sixth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ https://codereview.chromium.org/1502233004/ https://codereview.chromium.org/1513623004/ The last time it failed, it was primarily due to the perf build slaves being much slower then the local build or other GCE slaves, see https://crbug.com/569732. This is still under investigation, and the timeout has been increased in the mean time: https://codereview.chromium.org/1528533003/ ========== to ========== Enable Control Flow Integrity for the official Linux Chrome. Try 6. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i... http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2... This is a sixth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ https://codereview.chromium.org/1502233004/ https://codereview.chromium.org/1513623004/ The last time it failed, it was primarily due to the perf build slaves being much slower then the local build or other GCE slaves, see https://crbug.com/569732. This is still under investigation, and the timeout has been increased in the mean time: https://codereview.chromium.org/1528533003/ ==========
Message was sent while issue was closed.
Committed patchset #1 (id:1)
Message was sent while issue was closed.
Description was changed from ========== Enable Control Flow Integrity for the official Linux Chrome. Try 6. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i... http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2... This is a sixth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ https://codereview.chromium.org/1502233004/ https://codereview.chromium.org/1513623004/ The last time it failed, it was primarily due to the perf build slaves being much slower then the local build or other GCE slaves, see https://crbug.com/569732. This is still under investigation, and the timeout has been increased in the mean time: https://codereview.chromium.org/1528533003/ ========== to ========== Enable Control Flow Integrity for the official Linux Chrome. Try 6. This CL turns on CFI, a security check: https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-i... http://clang.llvm.org/docs/ControlFlowIntegrity.html This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue. BUG=chromium:464797 Intent to Implement thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2... This is a sixth attempt to land the CL. Previous attempts: https://codereview.chromium.org/1502373003/ https://codereview.chromium.org/1501593003/ https://codereview.chromium.org/1393283005/ https://codereview.chromium.org/1502233004/ https://codereview.chromium.org/1513623004/ The last time it failed, it was primarily due to the perf build slaves being much slower then the local build or other GCE slaves, see https://crbug.com/569732. This is still under investigation, and the timeout has been increased in the mean time: https://codereview.chromium.org/1528533003/ Committed: https://crrev.com/14cb7878cb522ad05480547690ec3990f4bbb156 Cr-Commit-Position: refs/heads/master@{#365486} ==========
Message was sent while issue was closed.
Patchset 1 (id:??) landed as https://crrev.com/14cb7878cb522ad05480547690ec3990f4bbb156 Cr-Commit-Position: refs/heads/master@{#365486}
Message was sent while issue was closed.
A revert of this CL (patchset #1 id:1) has been created in https://codereview.chromium.org/1532693002/ by krasin@google.com. The reason for reverting is: Official desktop continuous builder takes >8 hours while using up to 100% RAM and as much CPU it could get while still not hitting OOM. Try 6 is scrubbed. The next attempt will be in late January 2016 or even February. We will try to reduce the requirements for RAM and CPU while linking the binaries with CFI. .
Message was sent while issue was closed.
danakj@chromium.org changed reviewers: + danakj@chromium.org
Message was sent while issue was closed.
This appears to cause linking to time out: https://chromegw.corp.google.com/i/official.desktop.continuous/builders/preci...
Message was sent while issue was closed.
A revert of this CL (patchset #1 id:1) has been created in https://codereview.chromium.org/1532723002/ by danakj@chromium.org. The reason for reverting is: Causes link to time out: https://chromegw.corp.google.com/i/official.desktop.continuous/builders/preci.... |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
