commit | efe55ae0c0f26165d71d540ac319ccc9bc569cb3 | |
---|---|---|
author | krasin <krasin@google.com> | Mon Dec 14 22:59:58 2015 |
committer | Commit bot <commit-bot@chromium.org> | Mon Dec 14 23:00:37 2015 |
tree | 5d9176cbaff1f68b4433a79a63f86fcf75419a19 | |
parent | 506fb607874c407b10c0047871dc2365cecdb69a | |

Enable Control Flow Integrity for the official Linux Chrome.

This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
http://clang.llvm.org/docs/ControlFlowIntegrity.html

This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x. CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%, and should not be an issue.

BUG=chromium:464797

Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ

This is a fifth attempt to land the CL. Previous attempts:
https://codereview.chromium.org/1502373003/
https://codereview.chromium.org/1501593003/
https://codereview.chromium.org/1393283005/
https://codereview.chromium.org/1502233004/

The last time it failed, it was primarily due to the new Clang roll, that had a bug in the linker. This is now fixed upstream and the new Clang roll happened: https://crbug.com/568248

Perf bots were purple and got a RAM upgrade: https://crbug.com/567787

precice64 official buildbot got OOM due to too many Gold instances running in parallel: https://crbug.com/568011, a more conservative limit was submitted: https://codereview.chromium.org/1509733004/

TBR=thestig@chromium.org

Review URL: https://codereview.chromium.org/1513623004

Cr-Commit-Position: refs/heads/master@{#365117}