diff options
author | krasin <krasin@google.com> | 2015-12-16 11:44:10 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-12-16 19:45:05 +0000 |
commit | 1e16347cc95833f00b9d7347cc35b12423ca6ddf (patch) | |
tree | 5ba48e6dc18543e07ac0bf6fa06c49d2056faeca | |
parent | 6ce90ecc6a0989356dec97638bea4f88e10a8d03 (diff) | |
download | chromium_src-1e16347cc95833f00b9d7347cc35b12423ca6ddf.zip chromium_src-1e16347cc95833f00b9d7347cc35b12423ca6ddf.tar.gz chromium_src-1e16347cc95833f00b9d7347cc35b12423ca6ddf.tar.bz2 |
Revert of Enable Control Flow Integrity for the official Linux Chrome. Try 6. (patchset #1 id:1 of https://codereview.chromium.org/1529993002/ )
Reason for revert:
Official desktop continuous builder takes >8 hours while using up to 100% RAM and as much CPU it could get while still not hitting OOM.
Try 6 is scrubbed. The next attempt will be in late January 2016 or even February. We will try to reduce the requirements for RAM and CPU while linking the binaries with CFI.
Original issue's description:
> Enable Control Flow Integrity for the official Linux Chrome. Try 6.
>
> This CL turns on CFI, a security check:
> https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
> http://clang.llvm.org/docs/ControlFlowIntegrity.html
>
> This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
> CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
> and should not be an issue.
>
> BUG=chromium:464797
> Intent to Implement thread:
> https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ
>
> This is a sixth attempt to land the CL. Previous attempts:
> https://codereview.chromium.org/1502373003/
> https://codereview.chromium.org/1501593003/
> https://codereview.chromium.org/1393283005/
> https://codereview.chromium.org/1502233004/
> https://codereview.chromium.org/1513623004/
>
> The last time it failed, it was primarily due to the perf build slaves
> being much slower then the local build or other GCE slaves,
> see https://crbug.com/569732. This is still under investigation,
> and the timeout has been increased in the mean time:
> https://codereview.chromium.org/1528533003/
>
> Committed: https://crrev.com/14cb7878cb522ad05480547690ec3990f4bbb156
> Cr-Commit-Position: refs/heads/master@{#365486}
TBR=thestig@chromium.org,thakis@chromium.org,pcc@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:464797
Review URL: https://codereview.chromium.org/1532693002
Cr-Commit-Position: refs/heads/master@{#365590}
-rw-r--r-- | build/common.gypi | 7 | ||||
-rw-r--r-- | build/config/sanitizers/sanitizers.gni | 11 | ||||
-rw-r--r-- | chrome/installer/linux/debian/expected_deps_x64 | 2 |
3 files changed, 5 insertions, 15 deletions
diff --git a/build/common.gypi b/build/common.gypi index 7ae057c..d829ae4 100644 --- a/build/common.gypi +++ b/build/common.gypi @@ -855,13 +855,6 @@ 'enable_prod_wallet_service%': 1, }], - # Enable Control Flow Integrity for the official Linux Chrome. - # This triggers an LTO build that requires LLVM Gold plugin to be - # downloaded. See src/tools/clang/scripts/update.py - ['OS=="linux" and target_arch=="x64" and buildtype=="Official" and branding=="Chrome" and chromeos==0', { - 'cfi_vptr%': 1, - }], - # Enable hotwording on Chrome-branded ChromeOS builds. ['branding=="Chrome" and chromeos==1', { 'enable_hotwording%': 1, diff --git a/build/config/sanitizers/sanitizers.gni b/build/config/sanitizers/sanitizers.gni index 6d12813..f8f469c 100644 --- a/build/config/sanitizers/sanitizers.gni +++ b/build/config/sanitizers/sanitizers.gni @@ -2,8 +2,6 @@ # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. -import("//build/config/chrome_build.gni") - declare_args() { # Compile for Address Sanitizer to find memory bugs. is_asan = false @@ -39,6 +37,10 @@ declare_args() { # https://code.google.com/p/sawbuck/wiki/SyzyASanHowTo is_syzyasan = false + # Compile with Control Flow Integrity to protect virtual calls and casts. + # See http://clang.llvm.org/docs/ControlFlowIntegrity.html + is_cfi = false + # By default, Control Flow Integrity will crash the program if it detects a # violation. Set this to true to print detailed diagnostics instead. use_cfi_diag = false @@ -56,11 +58,6 @@ declare_args() { # declare_args block. User overrides are only applied at the end of a # declare_args block. declare_args() { - # Compile with Control Flow Integrity to protect virtual calls and casts. - # See http://clang.llvm.org/docs/ControlFlowIntegrity.html - is_cfi = is_linux && !is_chromeos && target_cpu == "x64" && - is_chrome_branded && is_official_build - # Use libc++ (buildtools/third_party/libc++ and # buildtools/third_party/libc++abi) instead of stdlibc++ as standard library. # This is intended to be used for instrumented builds. diff --git a/chrome/installer/linux/debian/expected_deps_x64 b/chrome/installer/linux/debian/expected_deps_x64 index 24d6a3f..f1d0084 100644 --- a/chrome/installer/linux/debian/expected_deps_x64 +++ b/chrome/installer/linux/debian/expected_deps_x64 @@ -4,7 +4,7 @@ libatk1.0-0 (>= 1.12.4) libc6 (>= 2.12) libcairo2 (>= 1.6.0) libcups2 (>= 1.4.0) -libdbus-1-3 (>= 1.1.4) +libdbus-1-3 (>= 1.2.14) libexpat1 (>= 1.95.8) libfontconfig1 (>= 2.8.0) libfreetype6 (>= 2.3.9) |