Revert of Enable Control Flow Integrity for the official Linux Chrome. Try 6. (patchset #1 id:1 of https://codereview.chromium.org/1529993002/ )

Reason for revert: Official desktop continuous builder takes >8 hours while using up to 100% RAM and as much CPU it could get while still not hitting OOM. Try 6 is scrubbed. The next attempt will be in late January 2016 or even February. We will try to reduce the requirements for RAM and CPU while linking the binaries with CFI. Original issue's description: > Enable Control Flow Integrity for the official Linux Chrome. Try 6. > > This CL turns on CFI, a security check: > https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity > http://clang.llvm.org/docs/ControlFlowIntegrity.html > > This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. > CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, > and should not be an issue. > > BUG=chromium:464797 > Intent to Implement thread: > https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ > > This is a sixth attempt to land the CL. Previous attempts: > https://codereview.chromium.org/1502373003/ > https://codereview.chromium.org/1501593003/ > https://codereview.chromium.org/1393283005/ > https://codereview.chromium.org/1502233004/ > https://codereview.chromium.org/1513623004/ > > The last time it failed, it was primarily due to the perf build slaves > being much slower then the local build or other GCE slaves, > see https://crbug.com/569732. This is still under investigation, > and the timeout has been increased in the mean time: > https://codereview.chromium.org/1528533003/ > > Committed: https://crrev.com/14cb7878cb522ad05480547690ec3990f4bbb156 > Cr-Commit-Position: refs/heads/master@{#365486} TBR=thestig@chromium.org,thakis@chromium.org,pcc@google.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:464797 Review URL: https://codereview.chromium.org/1532693002 Cr-Commit-Position: refs/heads/master@{#365590}
author: krasin <krasin@google.com> 2015-12-16 11:44:10 -0800
committer: Commit bot <commit-bot@chromium.org> 2015-12-16 19:45:05 +0000
commit: 1e16347cc95833f00b9d7347cc35b12423ca6ddf (patch)
tree: 5ba48e6dc18543e07ac0bf6fa06c49d2056faeca
parent: 6ce90ecc6a0989356dec97638bea4f88e10a8d03 (diff)
download: chromium_src-1e16347cc95833f00b9d7347cc35b12423ca6ddf.zip
chromium_src-1e16347cc95833f00b9d7347cc35b12423ca6ddf.tar.gz
chromium_src-1e16347cc95833f00b9d7347cc35b12423ca6ddf.tar.bz2
3 files changed, 5 insertions, 15 deletions
diff --git a/build/common.gypi b/build/common.gypi
index 7ae057c..d829ae4 100644
--- a/build/common.gypi
+++ b/build/common.gypi
@@ -855,13 +855,6 @@
           'enable_prod_wallet_service%': 1,
         }],
 
-        # Enable Control Flow Integrity for the official Linux Chrome.
-        # This triggers an LTO build that requires LLVM Gold plugin to be
-        # downloaded. See src/tools/clang/scripts/update.py
-        ['OS=="linux" and target_arch=="x64" and buildtype=="Official" and branding=="Chrome" and chromeos==0', {
-          'cfi_vptr%': 1,
-        }],
-
         # Enable hotwording on Chrome-branded ChromeOS builds.
         ['branding=="Chrome" and chromeos==1', {
           'enable_hotwording%': 1,
diff --git a/build/config/sanitizers/sanitizers.gni b/build/config/sanitizers/sanitizers.gni
index 6d12813..f8f469c 100644
--- a/build/config/sanitizers/sanitizers.gni
+++ b/build/config/sanitizers/sanitizers.gni
@@ -2,8 +2,6 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
-import("//build/config/chrome_build.gni")
-
 declare_args() {
   # Compile for Address Sanitizer to find memory bugs.
   is_asan = false
@@ -39,6 +37,10 @@ declare_args() {
   # https://code.google.com/p/sawbuck/wiki/SyzyASanHowTo
   is_syzyasan = false
 
+  # Compile with Control Flow Integrity to protect virtual calls and casts.
+  # See http://clang.llvm.org/docs/ControlFlowIntegrity.html
+  is_cfi = false
+
   # By default, Control Flow Integrity will crash the program if it detects a
   # violation. Set this to true to print detailed diagnostics instead.
   use_cfi_diag = false
@@ -56,11 +58,6 @@ declare_args() {
 # declare_args block. User overrides are only applied at the end of a
 # declare_args block.
 declare_args() {
-  # Compile with Control Flow Integrity to protect virtual calls and casts.
-  # See http://clang.llvm.org/docs/ControlFlowIntegrity.html
-  is_cfi = is_linux && !is_chromeos && target_cpu == "x64" &&
-           is_chrome_branded && is_official_build
-
   # Use libc++ (buildtools/third_party/libc++ and
   # buildtools/third_party/libc++abi) instead of stdlibc++ as standard library.
   # This is intended to be used for instrumented builds.
diff --git a/chrome/installer/linux/debian/expected_deps_x64 b/chrome/installer/linux/debian/expected_deps_x64
index 24d6a3f..f1d0084 100644
--- a/chrome/installer/linux/debian/expected_deps_x64
+++ b/chrome/installer/linux/debian/expected_deps_x64
@@ -4,7 +4,7 @@ libatk1.0-0 (>= 1.12.4)
 libc6 (>= 2.12)
 libcairo2 (>= 1.6.0)
 libcups2 (>= 1.4.0)
-libdbus-1-3 (>= 1.1.4)
+libdbus-1-3 (>= 1.2.14)
 libexpat1 (>= 1.95.8)
 libfontconfig1 (>= 2.8.0)
 libfreetype6 (>= 2.3.9)
author	krasin <krasin@google.com>	2015-12-16 11:44:10 -0800
committer	Commit bot <commit-bot@chromium.org>	2015-12-16 19:45:05 +0000
commit	1e16347cc95833f00b9d7347cc35b12423ca6ddf (patch)
tree	5ba48e6dc18543e07ac0bf6fa06c49d2056faeca
parent	6ce90ecc6a0989356dec97638bea4f88e10a8d03 (diff)
download	chromium_src-1e16347cc95833f00b9d7347cc35b12423ca6ddf.zip chromium_src-1e16347cc95833f00b9d7347cc35b12423ca6ddf.tar.gz chromium_src-1e16347cc95833f00b9d7347cc35b12423ca6ddf.tar.bz2