Enable Control Flow Integrity for the official Linux Chrome. Try 6.

This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
http://clang.llvm.org/docs/ControlFlowIntegrity.html

This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
and should not be an issue.

BUG=chromium:464797
Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ

This is a sixth attempt to land the CL. Previous attempts:
https://codereview.chromium.org/1502373003/
https://codereview.chromium.org/1501593003/
https://codereview.chromium.org/1393283005/
https://codereview.chromium.org/1502233004/
https://codereview.chromium.org/1513623004/

The last time it failed, it was primarily due to the perf build slaves
being much slower then the local build or other GCE slaves,
see https://crbug.com/569732. This is still under investigation,
and the timeout has been increased in the mean time:
https://codereview.chromium.org/1528533003/

Review URL: https://codereview.chromium.org/1529993002

Cr-Commit-Position: refs/heads/master@{#365486}

1 files changed, 7 insertions, 0 deletions

diff --git a/build/common.gypi b/build/common.gypi
index 800cefe..b2e8e6e 100644
--- a/build/common.gypi
+++ b/build/common.gypi
@@ -855,6 +855,13 @@
           'enable_prod_wallet_service%': 1,
         }],
 
+        # Enable Control Flow Integrity for the official Linux Chrome.
+        # This triggers an LTO build that requires LLVM Gold plugin to be
+        # downloaded. See src/tools/clang/scripts/update.py
+        ['OS=="linux" and target_arch=="x64" and buildtype=="Official" and branding=="Chrome" and chromeos==0', {
+          'cfi_vptr%': 1,
+        }],
+
         # Enable hotwording on Chrome-branded ChromeOS builds.
         ['branding=="Chrome" and chromeos==1', {
           'enable_hotwording%': 1,