Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(71)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1532693002: Revert of Enable Control Flow Integrity for the official Linux Chrome. Try 6. (Closed)

Created:
5 years ago by krasin
Modified:
5 years ago
Reviewers:
Lei Zhang, Nico, pcc, pcc1
CC:
chromium-reviews, grt+watch_chromium.org, Michael Moss, wfh+watch_chromium.org, kcc
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Revert of Enable Control Flow Integrity for the official Linux Chrome. Try 6. (patchset #1 id:1 of https://codereview.chromium.org/1529993002/ ) Reason for revert: Official desktop continuous builder takes >8 hours while using up to 100% RAM and as much CPU it could get while still not hitting OOM. Try 6 is scrubbed. The next attempt will be in late January 2016 or even February. We will try to reduce the requirements for RAM and CPU while linking the binaries with CFI. Original issue's description: > Enable Control Flow Integrity for the official Linux Chrome. Try 6. > > This CL turns on CFI, a security check: > https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity > http://clang.llvm.org/docs/ControlFlowIntegrity.html > > This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. > CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, > and should not be an issue. > > BUG=chromium:464797 > Intent to Implement thread: > https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ > > This is a sixth attempt to land the CL. Previous attempts: > https://codereview.chromium.org/1502373003/ > https://codereview.chromium.org/1501593003/ > https://codereview.chromium.org/1393283005/ > https://codereview.chromium.org/1502233004/ > https://codereview.chromium.org/1513623004/ > > The last time it failed, it was primarily due to the perf build slaves > being much slower then the local build or other GCE slaves, > see https://crbug.com/569732. This is still under investigation, > and the timeout has been increased in the mean time: > https://codereview.chromium.org/1528533003/ > > Committed: https://crrev.com/14cb7878cb522ad05480547690ec3990f4bbb156 > Cr-Commit-Position: refs/heads/master@{#365486} TBR=thestig@chromium.org,thakis@chromium.org,pcc@google.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:464797 Committed: https://crrev.com/1e16347cc95833f00b9d7347cc35b12423ca6ddf Cr-Commit-Position: refs/heads/master@{#365590}

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+5 lines, -15 lines) Patch
M build/common.gypi View 1 chunk +0 lines, -7 lines 0 comments Download
M build/config/sanitizers/sanitizers.gni View 3 chunks +4 lines, -7 lines 0 comments Download
M chrome/installer/linux/debian/expected_deps_x64 View 1 chunk +1 line, -1 line 0 comments Download

Messages

Total messages: 7 (2 generated)
krasin
Created Revert of Enable Control Flow Integrity for the official Linux Chrome. Try 6.
5 years ago (2015-12-16 19:41:35 UTC) #1
pcc1
lgtm
5 years ago (2015-12-16 19:42:12 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1532693002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1532693002/1
5 years ago (2015-12-16 19:42:19 UTC) #3
commit-bot: I haz the power
Committed patchset #1 (id:1)
5 years ago (2015-12-16 19:44:19 UTC) #5
commit-bot: I haz the power
5 years ago (2015-12-16 19:45:12 UTC) #7
Message was sent while issue was closed. 
Patchset 1 (id:??) landed as
https://crrev.com/1e16347cc95833f00b9d7347cc35b12423ca6ddf
Cr-Commit-Position: refs/heads/master@{#365590}

Powered by Google App Engine
This is Rietveld 408576698