Issue 832393003: [gin] Fingerprint the V8 snapshot files on Windows and verify before loading the snapshot.

Issue 832393003: [gin] Fingerprint the V8 snapshot files on Windows and verify before loading the snapshot. (Closed)

Created:
5 years, 11 months ago by rmcilroy

Modified:
5 years, 11 months ago

Reviewers:
Dmitry Lomov (no reviews), jochen (gone - plz use gerrit), davidben, grt (UTC plus 2)

CC:
chromium-reviews, darin-cc_chromium.org, gab, grt (UTC plus 2), jam

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

[gin] Fingerprint the V8 snapshot files on Windows and verify before loading the snapshot. Adds code which generates a SHA256 fingerprint of the external V8 snapshot blob files during the build process, and embeds these values into the binary. During startup the SHA256 hash of the snapshot blobs are compared against these fingerprints and Chrome will fail to load if they differ. BUG=421063, 439661 Committed: https://crrev.com/da69cd0f7c2f92640b7d00e59f66eb3b9fabba2e Cr-Commit-Position: refs/heads/master@{#310755}

Patch Set 1 : #

Total comments: 8

Patch Set 2 : Add GN support and limit to Windows #

Total comments: 8

Patch Set 3 : ifdef to windows only #

Patch Set 4 : Fix 'all' target when v8_use_external_startup_data==0 #

Total comments: 6

Patch Set 5 : Address grt's comments #

Total comments: 2

Patch Set 6 : Fix comment #

Created: 5 years, 11 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+235 lines, -14 lines)			Patch
M	content/app/content_main_runner.cc	View	1 2 3 4	2 chunks	+4 lines, -4 lines	0 comments	Download
M	gin/BUILD.gn	View	1 2 3 4	2 chunks	+36 lines, -0 lines	0 comments	Download
M	gin/DEPS	View		1 chunk	+1 line, -0 lines	0 comments	Download
A	gin/fingerprint/fingerprint_v8_snapshot.gypi	View	1 2 3 4	1 chunk	+47 lines, -0 lines	0 comments	Download
A	gin/fingerprint/fingerprint_v8_snapshot.py	View	1	1 chunk	+86 lines, -0 lines	0 comments	Download
M	gin/gin.gyp	View	1 2 3 4	3 chunks	+25 lines, -1 line	0 comments	Download
M	gin/isolate_holder.cc	View	1 2 3 4 5	6 chunks	+35 lines, -8 lines	0 comments	Download
M	gin/public/isolate_holder.h	View	1 2 3 4 5	1 chunk	+1 line, -1 line	0 comments	Download

Messages

Total messages: 22 (7 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

rmcilroy

jochen: please review changes in gin. davidben: please review addition of crypto to gin DEPS ...

5 years, 11 months ago (2015-01-07 14:14:12 UTC) #5

jochen (gone - plz use gerrit)

can you also hack this into the gin/BUILD.gn file? maybe we should restrict this to ...

5 years, 11 months ago (2015-01-07 15:17:38 UTC) #7

davidben

On 2015/01/07 14:14:12, rmcilroy wrote: > davidben: please review addition of crypto to gin DEPS ...

5 years, 11 months ago (2015-01-07 15:43:20 UTC) #8

grt (UTC plus 2)

approach looks okay to me. can you make it work for the GN build, too? ...

5 years, 11 months ago (2015-01-07 19:27:19 UTC) #10

rmcilroy

Added Gin support and made this Windows only, PTAL, thanks. https://codereview.chromium.org/832393003/diff/60001/gin/fingerprint/fingerprint_v8_snapshot.py File gin/fingerprint/fingerprint_v8_snapshot.py (right): https://codereview.chromium.org/832393003/diff/60001/gin/fingerprint/fingerprint_v8_snapshot.py#newcode18 ...

5 years, 11 months ago (2015-01-08 15:05:35 UTC) #11

jochen (gone - plz use gerrit)

https://codereview.chromium.org/832393003/diff/80001/gin/BUILD.gn File gin/BUILD.gn (right): https://codereview.chromium.org/832393003/diff/80001/gin/BUILD.gn#newcode73 gin/BUILD.gn:73: if (v8_use_external_startup_data) { shouldn't that be v8_use_external_startup_data && windows? ...

5 years, 11 months ago (2015-01-08 15:11:53 UTC) #12

rmcilroy

5 years, 11 months ago (2015-01-08 16:29:21 UTC) #13

grt (UTC plus 2)

https://codereview.chromium.org/832393003/diff/120001/content/app/content_main_runner.cc File content/app/content_main_runner.cc (right): https://codereview.chromium.org/832393003/diff/120001/content/app/content_main_runner.cc#newcode741 content/app/content_main_runner.cc:741: CHECK(gin::IsolateHolder::LoadAndVerifyV8Snapshot()); why should consumers need to know which platforms ...

5 years, 11 months ago (2015-01-08 17:46:35 UTC) #15

rmcilroy

Comments addressed, thanks. https://codereview.chromium.org/832393003/diff/120001/content/app/content_main_runner.cc File content/app/content_main_runner.cc (right): https://codereview.chromium.org/832393003/diff/120001/content/app/content_main_runner.cc#newcode741 content/app/content_main_runner.cc:741: CHECK(gin::IsolateHolder::LoadAndVerifyV8Snapshot()); On 2015/01/08 17:46:35, grt wrote: ...

5 years, 11 months ago (2015-01-08 18:54:15 UTC) #16

grt (UTC plus 2)

lgtm with a comment nit https://codereview.chromium.org/832393003/diff/140001/gin/isolate_holder.cc File gin/isolate_holder.cc (right): https://codereview.chromium.org/832393003/diff/140001/gin/isolate_holder.cc#newcode26 gin/isolate_holder.cc:26: #endif // defined(OS_MACOSX) i ...

5 years, 11 months ago (2015-01-08 19:19:02 UTC) #17

rmcilroy

Thanks for the reviews. https://codereview.chromium.org/832393003/diff/140001/gin/isolate_holder.cc File gin/isolate_holder.cc (right): https://codereview.chromium.org/832393003/diff/140001/gin/isolate_holder.cc#newcode26 gin/isolate_holder.cc:26: #endif // defined(OS_MACOSX) On 2015/01/08 ...

5 years, 11 months ago (2015-01-09 10:27:18 UTC) #18

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/832393003/160001

5 years, 11 months ago (2015-01-09 10:27:56 UTC) #20

commit-bot: I haz the power

5 years, 11 months ago (2015-01-09 11:32:42 UTC) #22

Message was sent while issue was closed.

Patchset 6 (id:??) landed as
https://crrev.com/da69cd0f7c2f92640b7d00e59f66eb3b9fabba2e
Cr-Commit-Position: refs/heads/master@{#310755}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages