|
|
Created:
3 years, 10 months ago by Wez Modified:
3 years, 6 months ago CC:
Mads Ager (chromium), blink-reviews, blink-reviews-wtf_chromium.org, chromium-reviews, Dai Mikurube (NOT FULLTIME), kouhei+heap_chromium.org, Mikhail, oilpan-reviews, vmpstr+watch_chromium.org, wfh+watch_chromium.org Target Ref:
refs/heads/master Project:
chromium Visibility:
Public. |
DescriptionVarious logging-related cleanups & reformatting.
These changes were part of the dump-on-DCHECK patch, (see
https://codereview.chromium.org/1884023002/) but are really just
cleanup/reformatting, so should land separately. They include
some minor test and formatting changes.
BUG=596231
Review-Url: https://codereview.chromium.org/2712823003
Cr-Commit-Position: refs/heads/master@{#480316}
Committed: https://chromium.googlesource.com/chromium/src/+/a245bd07a1e59556dc6c967a1c53c439c3dcad9e
Patch Set 1 #Patch Set 2 : Fix unit test #Patch Set 3 : Remove PartitionAlloc changes (only needed for dump-on-DCHECK) and rebase #Patch Set 4 : Fix base unit-tests #
Messages
Total messages: 43 (27 generated)
The CQ bit was checked by wez@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Description was changed from ========== Various logging-related cleanups & reformatting. These were encountered while preparing the dump-on-DCHECK patch. BUG=596231 ========== to ========== Various logging-related cleanups & reformatting. These changes were part of the dump-on-DCHECK patch, (see https://codereview.chromium.org/1884023002/) but are really just cleanup/reformatting, so should land separately. Some reformatting changes as per git cl format: Some functional changes to support dump-on-DCHECK: BUG=596231 ==========
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...)
Description was changed from ========== Various logging-related cleanups & reformatting. These changes were part of the dump-on-DCHECK patch, (see https://codereview.chromium.org/1884023002/) but are really just cleanup/reformatting, so should land separately. Some reformatting changes as per git cl format: Some functional changes to support dump-on-DCHECK: BUG=596231 ========== to ========== Various logging-related cleanups & reformatting. These changes were part of the dump-on-DCHECK patch, (see https://codereview.chromium.org/1884023002/) but are really just cleanup/reformatting, so should land separately. Besides reformatting and naming cleanups there is a functional change to PartitionAllocator, to enable cookie-padding only in Debug builds, rather than in all DCHECK-enabled builds. BUG=596231 ==========
The CQ bit was checked by wez@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by wez@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
wez@chromium.org changed reviewers: + dcheng@chromium.org, haraken@chromium.org, palmer@chromium.org
palmer: As discussed, this makes PartitionAllocator cookie-padding conditional on Debug vs Release, rather than DCHECK-is-on. haraken: PTAL WTF & PartitionAlloc. dcheng: PTAL everything else.
//base LGTM
LGTM but... On 2017/02/23 06:36:22, Wez wrote: > palmer: As discussed, this makes PartitionAllocator cookie-padding conditional > on Debug vs Release, rather than DCHECK-is-on. would you help me understand why you want to restrict the cookie-padding to Debug builds only?
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
> would you help me understand why you want to restrict the cookie-padding to Debug builds only? That's my question, too. I *think* it might be the case that some fuzzers use Release builds with DCHECK-is-on to get some of the checks but still be faster/smaller. I think. Let me check with the fuzzing crew.
As we discussed on the dump-on-DCHECK patch, Chris, the issue is that the DCHECK in there is actually security-sensitive, so if someone were to enable DCHECKs but not have them crash then we've lost that protection. The alternatives would be to (1) fix PartitionAlloc to have explicit sanity-checks independent of build config or (2) change the DCHECK to a CHECK so it'll crash even in dump-on-DCHECK builds. On 23 February 2017 at 10:53, <palmer@chromium.org> wrote: > > would you help me understand why you want to restrict the cookie-padding > to > Debug builds only? > > That's my question, too. I *think* it might be the case that some fuzzers > use > Release builds with DCHECK-is-on to get some of the checks but still be > faster/smaller. I think. Let me check with the fuzzing crew. > > https://codereview.chromium.org/2712823003/ > -- You received this message because you are subscribed to the Google Groups "Blink Reviews" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-reviews+unsubscribe@chromium.org.
As we discussed on the dump-on-DCHECK patch, Chris, the issue is that the DCHECK in there is actually security-sensitive, so if someone were to enable DCHECKs but not have them crash then we've lost that protection. The alternatives would be to (1) fix PartitionAlloc to have explicit sanity-checks independent of build config or (2) change the DCHECK to a CHECK so it'll crash even in dump-on-DCHECK builds. On 23 February 2017 at 10:53, <palmer@chromium.org> wrote: > > would you help me understand why you want to restrict the cookie-padding > to > Debug builds only? > > That's my question, too. I *think* it might be the case that some fuzzers > use > Release builds with DCHECK-is-on to get some of the checks but still be > faster/smaller. I think. Let me check with the fuzzing crew. > > https://codereview.chromium.org/2712823003/ > -- You received this message because you are subscribed to the Google Groups "Chromium-reviews" group. To unsubscribe from this group and stop receiving emails from it, send an email to chromium-reviews+unsubscribe@chromium.org.
On 2017/02/23 19:48:47, Wez wrote: > As we discussed on the dump-on-DCHECK patch, Chris, the issue is that the > DCHECK in there is actually security-sensitive, so if someone were to > enable DCHECKs but not have them crash then we've lost that protection. > > The alternatives would be to (1) fix PartitionAlloc to have explicit > sanity-checks independent of build config or (2) change the DCHECK to a > CHECK so it'll crash even in dump-on-DCHECK builds. > > On 23 February 2017 at 10:53, <mailto:palmer@chromium.org> wrote: > > > > would you help me understand why you want to restrict the cookie-padding > > to > > Debug builds only? > > > > That's my question, too. I *think* it might be the case that some fuzzers > > use > > Release builds with DCHECK-is-on to get some of the checks but still be > > faster/smaller. I think. Let me check with the fuzzing crew. > > > > https://codereview.chromium.org/2712823003/ > > > > -- > You received this message because you are subscribed to the Google Groups > "Chromium-reviews" group. > To unsubscribe from this group and stop receiving emails from it, send an email > to mailto:chromium-reviews+unsubscribe@chromium.org. Note that the cookie-padding should not be enabled on production builds because it affects performance and memory.
On 2017/02/23 21:27:03, haraken wrote: > On 2017/02/23 19:48:47, Wez wrote: > > As we discussed on the dump-on-DCHECK patch, Chris, the issue is that the > > DCHECK in there is actually security-sensitive, so if someone were to > > enable DCHECKs but not have them crash then we've lost that protection. > > > > The alternatives would be to (1) fix PartitionAlloc to have explicit > > sanity-checks independent of build config or (2) change the DCHECK to a > > CHECK so it'll crash even in dump-on-DCHECK builds. > > > > On 23 February 2017 at 10:53, <mailto:palmer@chromium.org> wrote: > > > > > > would you help me understand why you want to restrict the cookie-padding > > > to > > > Debug builds only? > > > > > > That's my question, too. I *think* it might be the case that some fuzzers > > > use > > > Release builds with DCHECK-is-on to get some of the checks but still be > > > faster/smaller. I think. Let me check with the fuzzing crew. > > > > > > https://codereview.chromium.org/2712823003/ > > > > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Chromium-reviews" group. > > To unsubscribe from this group and stop receiving emails from it, send an > email > > to mailto:chromium-reviews+unsubscribe@chromium.org. > > Note that the cookie-padding should not be enabled on production builds because > it affects performance and memory. For the purposes of dump-on-DCHECK that restriction would actually be sufficient to "fix" things; DoD builds would have DCHECK_IS_ON() but would still not get cookie-padding. Rather than make every one of the PA conditionals test both, how would you feel about something like: #if !defined(ENABLE_PARTITION_ALLOC_DEBUG) #if DCHECK_IS_ON() && !OFFICIAL_BUILD #define ENABLE_PARTITION_ALLOC_DEBUG() true #else #define ENABLE_PARTITION_ALLOC_DEBUG() false #endif #endif
> As we discussed on the dump-on-DCHECK patch, Chris, Ah yes, I had to page that back in. I had forgotten! > the issue is that the > DCHECK in there is actually security-sensitive, so if someone were to > enable DCHECKs but not have them crash then we've lost that protection. > > The alternatives would be to (1) fix PartitionAlloc to have explicit > sanity-checks independent of build config or (2) change the DCHECK to a > CHECK so it'll crash even in dump-on-DCHECK builds. Isn't (2) basically 1 way of doing (1)? Either way, fine by me. I ran this by the fuzzing crew and they said they do not rely on Release builds that have DCHECK_IS_ON. So no problem there.
lgtm
Getting back to the original question, what is a reason we have to drop the cookie-padding from DCHECK builds? The intention of the cookie-padding is to enable the security protection on all non-production builds.
The problem is that PartitionAlloc doesn't currently have a single place where it sanity-checks the size parameter; when DCHECK_IS_ON() is enabled we enable cookie-padding, and rely on this DCHECK actually crashing the calling process, rather than allowing overrun to occur. With dump-on-DCHECK the DCHECK won't crash, hence the problem Also, bear in mind that many developers rely on Release builds having more-or-less the same performance as Official builds (modulo PGO effects), so we should be careful about introducing differences in performance based on whether the build is "Official"/production. On 23 February 2017 at 18:33, <haraken@chromium.org> wrote: > Getting back to the original question, what is a reason we have to drop the > cookie-padding from DCHECK builds? > > The intention of the cookie-padding is to enable the security protection > on all > non-production builds. > > > https://codereview.chromium.org/2712823003/ > -- You received this message because you are subscribed to the Google Groups "Blink Reviews" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-reviews+unsubscribe@chromium.org.
The problem is that PartitionAlloc doesn't currently have a single place where it sanity-checks the size parameter; when DCHECK_IS_ON() is enabled we enable cookie-padding, and rely on this DCHECK actually crashing the calling process, rather than allowing overrun to occur. With dump-on-DCHECK the DCHECK won't crash, hence the problem Also, bear in mind that many developers rely on Release builds having more-or-less the same performance as Official builds (modulo PGO effects), so we should be careful about introducing differences in performance based on whether the build is "Official"/production. On 23 February 2017 at 18:33, <haraken@chromium.org> wrote: > Getting back to the original question, what is a reason we have to drop the > cookie-padding from DCHECK builds? > > The intention of the cookie-padding is to enable the security protection > on all > non-production builds. > > > https://codereview.chromium.org/2712823003/ > -- You received this message because you are subscribed to the Google Groups "Chromium-reviews" group. To unsubscribe from this group and stop receiving emails from it, send an email to chromium-reviews+unsubscribe@chromium.org.
On 2017/02/25 22:28:29, Wez wrote: > The problem is that PartitionAlloc doesn't currently have a single place > where it sanity-checks the size parameter; when DCHECK_IS_ON() is enabled > we enable cookie-padding, and rely on this DCHECK actually crashing the > calling process, rather than allowing overrun to occur. With > dump-on-DCHECK the DCHECK won't crash, hence the problem So is the CL the only way to circumvent the problem? Then I'm okay with it. > > Also, bear in mind that many developers rely on Release builds having > more-or-less the same performance as Official builds (modulo PGO effects), > so we should be careful about introducing differences in performance based > on whether the build is "Official"/production. This is a wrong assumption though. Release builds can sometimes be much slower than official builds, so we must use official builds to measure performance/memory.
The CQ bit was checked by wez@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...) mac_chromium_compile_dbg_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_comp...)
The CQ bit was checked by wez@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
Description was changed from ========== Various logging-related cleanups & reformatting. These changes were part of the dump-on-DCHECK patch, (see https://codereview.chromium.org/1884023002/) but are really just cleanup/reformatting, so should land separately. Besides reformatting and naming cleanups there is a functional change to PartitionAllocator, to enable cookie-padding only in Debug builds, rather than in all DCHECK-enabled builds. BUG=596231 ========== to ========== Various logging-related cleanups & reformatting. These changes were part of the dump-on-DCHECK patch, (see https://codereview.chromium.org/1884023002/) but are really just cleanup/reformatting, so should land separately. BUG=596231 ==========
Description was changed from ========== Various logging-related cleanups & reformatting. These changes were part of the dump-on-DCHECK patch, (see https://codereview.chromium.org/1884023002/) but are really just cleanup/reformatting, so should land separately. BUG=596231 ========== to ========== Various logging-related cleanups & reformatting. These changes were part of the dump-on-DCHECK patch, (see https://codereview.chromium.org/1884023002/) but are really just cleanup/reformatting, so should land separately. They include some minor test and formatting changes. BUG=596231 ==========
The CQ bit was checked by wez@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from palmer@chromium.org, haraken@chromium.org, dcheng@chromium.org Link to the patchset: https://codereview.chromium.org/2712823003/#ps60001 (title: "Fix base unit-tests")
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch. Bot data: {"patchset_id": 60001, "attempt_start_ts": 1497759917761130, "parent_rev": "eb339abb6c31f0f6a02d7b7038031ced69898eea", "commit_rev": "a245bd07a1e59556dc6c967a1c53c439c3dcad9e"}
Message was sent while issue was closed.
Description was changed from ========== Various logging-related cleanups & reformatting. These changes were part of the dump-on-DCHECK patch, (see https://codereview.chromium.org/1884023002/) but are really just cleanup/reformatting, so should land separately. They include some minor test and formatting changes. BUG=596231 ========== to ========== Various logging-related cleanups & reformatting. These changes were part of the dump-on-DCHECK patch, (see https://codereview.chromium.org/1884023002/) but are really just cleanup/reformatting, so should land separately. They include some minor test and formatting changes. BUG=596231 Review-Url: https://codereview.chromium.org/2712823003 Cr-Commit-Position: refs/heads/master@{#480316} Committed: https://chromium.googlesource.com/chromium/src/+/a245bd07a1e59556dc6c967a1c53... ==========
Message was sent while issue was closed.
Committed patchset #4 (id:60001) as https://chromium.googlesource.com/chromium/src/+/a245bd07a1e59556dc6c967a1c53... |