Direct dynamically resolved cross-DSO calls through read-only memory

Issue description
This would address one source of current cfi-icall failures.
Oct 13 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e0408ff1171f3429e3826fb07e65fe03eb2f4e4a

commit e0408ff1171f3429e3826fb07e65fe03eb2f4e4a
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Fri Oct 13 19:35:24 2017

[CFI] Move CFI flags to use buildflags

Splitting this refactor out from crrev.com/c/706859 to avoid confusing it with unrelated buildflags. Change CFI flags to use the buildflag system instead of manually defining flags which has the advantage of eliminating typo errors in flags checks.

Bug: 771365
Change-Id: Ia2c48efe7974af314b8cac53ba36a2624a9d5428
Reviewed-on: https://chromium-review.googlesource.com/714385
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Brett Wilson <brettw@chromium.org>
Cr-Commit-Position: refs/heads/master@{#508778}

[modify] https://crrev.com/e0408ff1171f3429e3826fb07e65fe03eb2f4e4a/base/BUILD.gn
[modify] https://crrev.com/e0408ff1171f3429e3826fb07e65fe03eb2f4e4a/base/debug/stack_trace_posix.cc
[modify] https://crrev.com/e0408ff1171f3429e3826fb07e65fe03eb2f4e4a/base/tools_sanity_unittest.cc
[modify] https://crrev.com/e0408ff1171f3429e3826fb07e65fe03eb2f4e4a/build/config/sanitizers/BUILD.gn
Nov 10 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/36d1a861ddf153756345ca1904a87c15504188fd

commit 36d1a861ddf153756345ca1904a87c15504188fd
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Fri Nov 10 23:50:23 2017

[CFI] Add protected memory container class

This change introduces a ProtectedMemory container class intended to store dynamically resolved function pointers for cross-DSO calls that must be exempted from Control Flow Integrity indirect call checking. These function pointers can not be checked by cfi-icall, instead we place them in read-only memory and set them writable only when they need to be initialized.

ProtectedMemory is only suitable for storing data in global/static variables, a follow-up change will introduce a container class that allows dynamically allocating multiple instances of a given type. ProtectedMemory currently only works on Linux and macOS, its use is a no-op on other platforms.

This change also introduces two helper macros to easily call function pointers stored in ProtectedMemory containers without cfi-icall checks applied in order to avoid sprinkling no_sanitize("cfi-icall") attributes throughout the source code and encouraging its misuse.

Bug: 771365
Change-Id: Ic9433095d9550ae8478ad9931ec5e3c37edb23ec
Reviewed-on: https://chromium-review.googlesource.com/706859
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Brett Wilson <brettw@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Chris Palmer <palmer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#515747}

[modify] https://crrev.com/36d1a861ddf153756345ca1904a87c15504188fd/base/BUILD.gn
[add] https://crrev.com/36d1a861ddf153756345ca1904a87c15504188fd/base/memory/protected_memory.h
[add] https://crrev.com/36d1a861ddf153756345ca1904a87c15504188fd/base/memory/protected_memory_cfi.h
[add] https://crrev.com/36d1a861ddf153756345ca1904a87c15504188fd/base/memory/protected_memory_posix.cc
[add] https://crrev.com/36d1a861ddf153756345ca1904a87c15504188fd/base/memory/protected_memory_unittest.cc
[modify] https://crrev.com/36d1a861ddf153756345ca1904a87c15504188fd/build/config/mac/BUILD.gn
[modify] https://crrev.com/36d1a861ddf153756345ca1904a87c15504188fd/tools/gn/bootstrap/bootstrap.py
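The mechanism this commit and the later cfi-icall commits describe, as an added C illustration that is not Chromium's ProtectedMemory code: the resolved pointer lives in a page-aligned object that is made writable only for initialization, the call goes through a single wrapper with cfi-icall checking disabled, and a probe confirms that any later write to the region faults. Assumptions: strlen stands in for the dlsym()-resolved target, a 16 KiB aligned object replaces Chromium's linker section and __start/__stop symbols, and PM_REGION_SIZE, pm_init, pm_call_target and pm_write_is_blocked are names chosen here.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Assumed region size: covers the largest common page size (16 KiB on Apple
 * silicon); on 4 KiB-page Linux it is four whole pages. */
#define PM_REGION_SIZE 16384

typedef size_t (*resolved_fn)(const char *);

/* The protected region. Chromium keeps ProtectedMemory variables in a dedicated
 * linker section bounded by __start/__stop symbols; this example instead uses
 * one object that is aligned to and exactly as large as the region, so no other
 * variable shares its pages and the mprotect() calls below touch nothing else. */
static struct pm_region {
  resolved_fn target;                                   /* the cross-DSO pointer */
  unsigned char pad[PM_REGION_SIZE - sizeof(resolved_fn)];
} g_pm __attribute__((aligned(PM_REGION_SIZE)));

/* Flip the region between read-only and read-write. Returns 0 on success. */
static int pm_set_writable(bool writable) {
  return mprotect(&g_pm, sizeof g_pm, writable ? PROT_READ | PROT_WRITE : PROT_READ);
}

/* Stand-in for the dlsym() lookup Chromium performs for libc/GL/NSS symbols;
 * strlen is used so the example links without extra libraries. */
static resolved_fn resolve_target(void) {
  return strlen;
}

/* The only sanctioned write: unprotect, store the resolved pointer, re-protect. */
static int pm_init(void) {
  if (pm_set_writable(true) != 0)
    return -1;
  g_pm.target = resolve_target();
  return pm_set_writable(false);
}

/* Counterpart of Chromium's UnsanitizedCfiCall(): the target is not known at
 * link time, so cfi-icall cannot check this call site and checking is disabled
 * for this one wrapper only. That is acceptable solely because the pointer it
 * reads sits in read-only memory once initialized. Clang-only attribute. */
#if defined(__clang__)
__attribute__((no_sanitize("cfi-icall")))
#endif
static size_t pm_call_target(const char *s) {
  return g_pm.target(s);
}

/* Probe used to verify the protection: attempt a write to the region and report
 * whether it faulted. SIGSEGV (Linux) or SIGBUS (macOS) is caught and escaped
 * with siglongjmp; the previous handlers are restored afterwards. */
static sigjmp_buf g_probe_env;

static void on_fault(int sig) {
  (void)sig;
  siglongjmp(g_probe_env, 1);
}

static bool pm_write_is_blocked(void) {
  struct sigaction sa, old_segv, old_bus;
  bool blocked;

  memset(&sa, 0, sizeof sa);
  sa.sa_handler = on_fault;
  sigemptyset(&sa.sa_mask);
  sa.sa_flags = SA_NODEFER;
  sigaction(SIGSEGV, &sa, &old_segv);
  sigaction(SIGBUS, &sa, &old_bus);

  if (sigsetjmp(g_probe_env, 1) == 0) {
    *(volatile unsigned char *)g_pm.pad = 1;  /* faults while read-only */
    blocked = false;
  } else {
    blocked = true;                           /* arrived here via on_fault */
  }

  sigaction(SIGSEGV, &old_segv, NULL);
  sigaction(SIGBUS, &old_bus, NULL);
  return blocked;
}

int main(void) {
  if (pm_init() != 0) {
    perror("mprotect");
    return 1;
  }
  printf("write blocked after init: %s\n", pm_write_is_blocked() ? "yes" : "no");
  printf("strlen(\"cfi-icall\") via protected pointer = %zu\n",
         pm_call_target("cfi-icall"));
  return 0;
}
```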
Nov 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e77256b178e2c7b657d50689c6c82cf8aab8f561

commit e77256b178e2c7b657d50689c6c82cf8aab8f561
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Thu Nov 16 19:33:29 2017

[cfi-icall] Use ProtectedMemory for localtime ptrs

Control Flow Integrity [1] indirect call (cfi-icall) checking can not verify that dynamically resolved function pointers call their intended function. Instead we place the LibcFunctions pointers in ProtectedMemory, a wrapper for keeping variables in read-only memory except for when they are initialized. After setting the pointers in protected memory we can use the UnsanitizedCfiCall wrapper to disable cfi-icall checking when calling them since we know they can not be tampered with.

[1] https://www.chromium.org/developers/testing/control-flow-integrity

Bug: 771365
Change-Id: Ib74faff066e1107293b67d11f2a1a054bbff08b5
Reviewed-on: https://chromium-review.googlesource.com/769853
Reviewed-by: Chris Palmer <palmer@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517152}

[modify] https://crrev.com/e77256b178e2c7b657d50689c6c82cf8aab8f561/content/zygote/zygote_main_linux.cc
[modify] https://crrev.com/e77256b178e2c7b657d50689c6c82cf8aab8f561/tools/cfi/blacklist.txt
Nov 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d0de1771e390b7fdb3f7ebffc7b09ce67103afe1

commit d0de1771e390b7fdb3f7ebffc7b09ce67103afe1
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Thu Nov 16 20:29:35 2017

[CFI] Use ProtectedMemory in CertVerifyProcNSS

Because CertVerifyProcNSS dynamically resolves a pointer to the function CERT_CacheOCSPResponseFromSideChannel(), Control Flow Integrity [1] indirect call (cfi-icall) checking can not verify that it is the intended target for that function pointer call site.

Since we can not use cfi-icall to check the function pointer, instead we place the pointer in ProtectedMemory, a wrapper for keeping variables in read-only memory except for when they are initialized. After setting the pointer in protected memory we can use the UnsanitizedCfiCall wrapper to disable cfi-icall checking when calling it since we know it can not be tampered with.

[1] https://www.chromium.org/developers/testing/control-flow-integrity

Bug: 771365
Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
Change-Id: I5d65b3591681f3daa917b6516eec1e5e47513d12
Reviewed-on: https://chromium-review.googlesource.com/765098
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Eric Roman <eroman@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517169}

[modify] https://crrev.com/d0de1771e390b7fdb3f7ebffc7b09ce67103afe1/net/cert/cert_verify_proc_nss.cc
[modify] https://crrev.com/d0de1771e390b7fdb3f7ebffc7b09ce67103afe1/net/cert/cert_verify_proc_nss.h
[modify] https://crrev.com/d0de1771e390b7fdb3f7ebffc7b09ce67103afe1/tools/cfi/blacklist.txt
Nov 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d2cc1555dc5c28e34d0b56f8455a758ef76364e5

commit d2cc1555dc5c28e34d0b56f8455a758ef76364e5
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Thu Nov 16 22:29:55 2017

[cfi-icall] Use ProtectedMemory for GetProcAddress

Control Flow Integrity [1] indirect call (cfi-icall) checking can not verify that dynamically resolved function pointers call their intended function. Instead we place the pointer for GLGetProcAddress in ProtectedMemory, a wrapper for keeping variables in read-only memory except for when they are initialized. After setting the pointer in protected memory we can use the UnsanitizedCfiCall wrapper to disable cfi-icall checking when calling it since we know it can not be tampered with.

[1] https://www.chromium.org/developers/testing/control-flow-integrity

Bug: 771365
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: Ia79c1cfab8e00f88bcc437c34cbb3012537c015a
Reviewed-on: https://chromium-review.googlesource.com/769654
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517208}

[modify] https://crrev.com/d2cc1555dc5c28e34d0b56f8455a758ef76364e5/tools/cfi/blacklist.txt
[modify] https://crrev.com/d2cc1555dc5c28e34d0b56f8455a758ef76364e5/ui/gl/gl_implementation.cc
Nov 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1130da30b95e2eb0375375cd452f44709f4115ca

commit 1130da30b95e2eb0375375cd452f44709f4115ca
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Thu Nov 16 23:04:13 2017

Revert "[cfi-icall] Use ProtectedMemory for localtime ptrs"

This reverts commit e77256b178e2c7b657d50689c6c82cf8aab8f561.

Reason for revert: Reverting while I investigate failures causing recursive calls to hang.

Original change's description:
> [cfi-icall] Use ProtectedMemory for localtime ptrs
>
> Control Flow Integrity [1] indirect call (cfi-icall) checking can not
> verify that dynamically resolved function pointers call their intended
> function. Instead we place the LibcFunctions pointers in
> ProtectedMemory, a wrapper for keeping variables in read-only memory
> except for when they are initialized. After setting the pointers in
> protected memory we can use the UnsanitizedCfiCall wrapper to disable
> cfi-icall checking when calling them since we know they can not be
> tampered with.
>
> [1] https://www.chromium.org/developers/testing/control-flow-integrity
>
> Bug: 771365
> Change-Id: Ib74faff066e1107293b67d11f2a1a054bbff08b5
> Reviewed-on: https://chromium-review.googlesource.com/769853
> Reviewed-by: Chris Palmer <palmer@chromium.org>
> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
> Reviewed-by: Peter Collingbourne <pcc@chromium.org>
> Commit-Queue: Peter Collingbourne <pcc@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#517152}

TBR=jorgelo@chromium.org,palmer@chromium.org,pcc@chromium.org,vtsyrklevich@chromium.org

Change-Id: I77e142638d73bd53de4b6fc1b9db2ffc819f6459
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 771365
Reviewed-on: https://chromium-review.googlesource.com/775594
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517218}

[modify] https://crrev.com/1130da30b95e2eb0375375cd452f44709f4115ca/content/zygote/zygote_main_linux.cc
[modify] https://crrev.com/1130da30b95e2eb0375375cd452f44709f4115ca/tools/cfi/blacklist.txt
Nov 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/63e4d43dfd9f097b256c1dd694eb6107621b687d

commit 63e4d43dfd9f097b256c1dd694eb6107621b687d
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Thu Nov 16 23:20:49 2017

Revert "[CFI] Use ProtectedMemory in CertVerifyProcNSS"

This reverts commit d0de1771e390b7fdb3f7ebffc7b09ce67103afe1.

Reason for revert: speculative revert, this might cause hangs on Linux component builds due to linker symbol resolution issues.

Original change's description:
> [CFI] Use ProtectedMemory in CertVerifyProcNSS
>
> Because CertVerifyProcNSS dynamically resolves a pointer to the function
> CERT_CacheOCSPResponseFromSideChannel(), Control Flow Integrity [1]
> indirect call (cfi-icall) checking can not verify that it is the
> intended target for that function pointer call site.
>
> Since we can not use cfi-icall to check the function pointer, instead we
> place the pointer in ProtectedMemory, a wrapper for keeping variables in
> read-only memory except for when they are initialized. After setting the
> pointer in protected memory we can use the UnsanitizedCfiCall wrapper to
> disable cfi-icall checking when calling it since we know it can not be
> tampered with.
>
> [1] https://www.chromium.org/developers/testing/control-flow-integrity
>
> Bug: 771365
> Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
> Change-Id: I5d65b3591681f3daa917b6516eec1e5e47513d12
> Reviewed-on: https://chromium-review.googlesource.com/765098
> Reviewed-by: Peter Collingbourne <pcc@chromium.org>
> Reviewed-by: Eric Roman <eroman@chromium.org>
> Commit-Queue: Peter Collingbourne <pcc@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#517169}

TBR=eroman@chromium.org,pcc@chromium.org,vtsyrklevich@chromium.org

Change-Id: I2d9a65fd6284c2cf954b46588d70fd1fa6292014
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 771365
Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
Reviewed-on: https://chromium-review.googlesource.com/775595
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517223}

[modify] https://crrev.com/63e4d43dfd9f097b256c1dd694eb6107621b687d/net/cert/cert_verify_proc_nss.cc
[modify] https://crrev.com/63e4d43dfd9f097b256c1dd694eb6107621b687d/net/cert/cert_verify_proc_nss.h
[modify] https://crrev.com/63e4d43dfd9f097b256c1dd694eb6107621b687d/tools/cfi/blacklist.txt
Nov 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5c3c4ac899a17f8ceab3a6f5fc8090935a6e371b

commit 5c3c4ac899a17f8ceab3a6f5fc8090935a6e371b
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Thu Nov 16 23:21:27 2017

Revert "[cfi-icall] Use ProtectedMemory for GetProcAddress"

This reverts commit d2cc1555dc5c28e34d0b56f8455a758ef76364e5.

Reason for revert: speculative revert, this might cause hangs on Linux component builds due to linker symbol resolution issues.

Original change's description:
> [cfi-icall] Use ProtectedMemory for GetProcAddress
>
> Control Flow Integrity [1] indirect call (cfi-icall) checking can not
> verify that dynamically resolved function pointers call their intended
> function. Instead we place the pointer for GLGetProcAddress in
> ProtectedMemory, a wrapper for keeping variables in read-only memory
> except for when they are initialized. After setting the pointer in
> protected memory we can use the UnsanitizedCfiCall wrapper to disable
> cfi-icall checking when calling it since we know it can not be tampered
> with.
>
> [1] https://www.chromium.org/developers/testing/control-flow-integrity
>
> Bug: 771365
> Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
> Change-Id: Ia79c1cfab8e00f88bcc437c34cbb3012537c015a
> Reviewed-on: https://chromium-review.googlesource.com/769654
> Commit-Queue: Peter Collingbourne <pcc@chromium.org>
> Reviewed-by: Kenneth Russell <kbr@chromium.org>
> Reviewed-by: Peter Collingbourne <pcc@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#517208}

TBR=kbr@chromium.org,pcc@chromium.org,vtsyrklevich@chromium.org

Change-Id: Ia474d99619795f9b2c40422858caf2a02461e462
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 771365
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Reviewed-on: https://chromium-review.googlesource.com/775596
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517224}

[modify] https://crrev.com/5c3c4ac899a17f8ceab3a6f5fc8090935a6e371b/tools/cfi/blacklist.txt
[modify] https://crrev.com/5c3c4ac899a17f8ceab3a6f5fc8090935a6e371b/ui/gl/gl_implementation.cc
Nov 21 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/00fb4b7ed96237cd71e7b81fd61b458f0c9c15b4

commit 00fb4b7ed96237cd71e7b81fd61b458f0c9c15b4
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Tue Nov 21 03:21:50 2017

[CFI] Fix component build symbol visibility bug

By default the extern __start/stop_protected_memory symbols were exposed with global visibility so that if two separate libraries were loaded with those symbols one library's symbols would be overridden. This would cause failures when that library tried to perform DCHECK() that a given pointer was in the bounds of its protected memory section.

The only reliable way to test for this case would be to add another component to the base_unittests build that built a separate set of ProtectedMemory unit tests to see if any load-time symbol conflicts caused unit test failures. It seems undesirable to add the additional build complexity for this test alone. This bug will be implicitly tested for once ProtectedMemory is used in separate Chromium components.

The same bug does not occur on the OS X or Windows builds.

Bug: 771365
Change-Id: Ib95e7038d5be7a1d3fe05c42625800b0d7735679
Reviewed-on: https://chromium-review.googlesource.com/777604
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Brett Wilson <brettw@chromium.org>
Cr-Commit-Position: refs/heads/master@{#518070}

[modify] https://crrev.com/00fb4b7ed96237cd71e7b81fd61b458f0c9c15b4/base/memory/protected_memory.h
Nov 21 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/812c7d685d840e421a546ca7a5638d3794090961

commit 812c7d685d840e421a546ca7a5638d3794090961
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Tue Nov 21 20:35:52 2017

Reland "[cfi-icall] Use ProtectedMemory for localtime ptrs"

This is a reland of e77256b178e2c7b657d50689c6c82cf8aab8f561 now that crrev.com/00fb4b7ed96237cd71e7b81fd61b458f0c9c15b4 landed fixing the lock-up issue we previously saw.

Original change's description:
> [cfi-icall] Use ProtectedMemory for localtime ptrs
>
> Control Flow Integrity [1] indirect call (cfi-icall) checking can not
> verify that dynamically resolved function pointers call their intended
> function. Instead we place the LibcFunctions pointers in
> ProtectedMemory, a wrapper for keeping variables in read-only memory
> except for when they are initialized. After setting the pointers in
> protected memory we can use the UnsanitizedCfiCall wrapper to disable
> cfi-icall checking when calling them since we know they can not be
> tampered with.
>
> [1] https://www.chromium.org/developers/testing/control-flow-integrity
>
> Bug: 771365
> Change-Id: Ib74faff066e1107293b67d11f2a1a054bbff08b5
> Reviewed-on: https://chromium-review.googlesource.com/769853
> Reviewed-by: Chris Palmer <palmer@chromium.org>
> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
> Reviewed-by: Peter Collingbourne <pcc@chromium.org>
> Commit-Queue: Peter Collingbourne <pcc@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#517152}

Bug: 771365
Change-Id: Iaba5de8e37332878cd0b85c9dbdafc08e2d9a6ba
Reviewed-on: https://chromium-review.googlesource.com/782739
Reviewed-by: Chris Palmer <palmer@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#518373}

[modify] https://crrev.com/812c7d685d840e421a546ca7a5638d3794090961/content/zygote/zygote_main_linux.cc
[modify] https://crrev.com/812c7d685d840e421a546ca7a5638d3794090961/tools/cfi/blacklist.txt
Nov 22 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4fc273839a160c7e4b43f4583aa4b8196ecff0fd

commit 4fc273839a160c7e4b43f4583aa4b8196ecff0fd
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Wed Nov 22 19:11:23 2017

Reland "[cfi-icall] Use ProtectedMemory for GetProcAddress"

This is a reland of d2cc1555dc5c28e34d0b56f8455a758ef76364e5 now that crrev.com/00fb4b7ed96237cd71e7b81fd61b458f0c9c15b4 landed fixing the lock-up issue we previously saw.

Original change's description:
> [cfi-icall] Use ProtectedMemory for GetProcAddress
>
> Control Flow Integrity [1] indirect call (cfi-icall) checking can not
> verify that dynamically resolved function pointers call their intended
> function. Instead we place the pointer for GLGetProcAddress in
> ProtectedMemory, a wrapper for keeping variables in read-only memory
> except for when they are initialized. After setting the pointer in
> protected memory we can use the UnsanitizedCfiCall wrapper to disable
> cfi-icall checking when calling it since we know it can not be tampered
> with.
>
> [1] https://www.chromium.org/developers/testing/control-flow-integrity
>
> Bug: 771365
> Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
> Change-Id: Ia79c1cfab8e00f88bcc437c34cbb3012537c015a
> Reviewed-on: https://chromium-review.googlesource.com/769654
> Commit-Queue: Peter Collingbourne <pcc@chromium.org>
> Reviewed-by: Kenneth Russell <kbr@chromium.org>
> Reviewed-by: Peter Collingbourne <pcc@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#517208}

Bug: 771365
Change-Id: Id38d5ab1bb31547a62f92ee64679ea4ed57f7d44
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Reviewed-on: https://chromium-review.googlesource.com/783570
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#518700}

[modify] https://crrev.com/4fc273839a160c7e4b43f4583aa4b8196ecff0fd/tools/cfi/blacklist.txt
[modify] https://crrev.com/4fc273839a160c7e4b43f4583aa4b8196ecff0fd/ui/gl/gl_implementation.cc
Nov 22 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2516577654477a3eea7a4279a9b87167effacdd2

commit 2516577654477a3eea7a4279a9b87167effacdd2
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Wed Nov 22 20:46:49 2017

[cfi-icall] Use ProtectedMemory for ANGLE icall

Control Flow Integrity [1] indirect call (cfi-icall) checking can not verify that dynamically resolved function pointers call their intended function. Instead we place the pointers for ANGLEGetDisplayPlatform and ANGLEResetDisplayPlatform in ProtectedMemory, a wrapper for keeping variables in read-only memory except for when they are initialized. After setting the pointers in protected memory we can use the UnsanitizedCfiCall wrapper to disable cfi-icall checking when calling them since we know they can not be tampered with.

[1] https://www.chromium.org/developers/testing/control-flow-integrity

Bug: 771365
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: Id20a05ba217c8260ae9a8605327839eb2e061d66
Reviewed-on: https://chromium-review.googlesource.com/769652
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#518738}

[modify] https://crrev.com/2516577654477a3eea7a4279a9b87167effacdd2/tools/cfi/blacklist.txt
[modify] https://crrev.com/2516577654477a3eea7a4279a9b87167effacdd2/ui/gl/angle_platform_impl.cc
Nov 30 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e683c7e9e0616d33876022da8ebd0a82f341e0b3

commit e683c7e9e0616d33876022da8ebd0a82f341e0b3
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Thu Nov 30 20:08:54 2017

[cfi-icall] Store GTK function in ProtectedMemory

Control Flow Integrity [1] indirect call (cfi-icall) checking can not verify that dynamically resolved function pointers call their intended function. Instead we place the pointer for gdk_set_allowed_backends in ProtectedMemory, a wrapper for keeping variables in read-only memory except for when they are initialized. After setting the pointer in protected memory we can use the UnsanitizedCfiCall wrapper to disable cfi-icall checking when calling it since we know it can not be tampered with.

[1] https://www.chromium.org/developers/testing/control-flow-integrity

Bug: 771365
Change-Id: I5c359697c466921084aea17cda655231fdc33a92
Reviewed-on: https://chromium-review.googlesource.com/775617
Reviewed-by: Elliot Glaysher <erg@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#520657}

[modify] https://crrev.com/e683c7e9e0616d33876022da8ebd0a82f341e0b3/chrome/browser/ui/libgtkui/gtk_ui.cc
[modify] https://crrev.com/e683c7e9e0616d33876022da8ebd0a82f341e0b3/tools/cfi/blacklist.txt
Dec 5 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d39a025e3ff85e76554ca0574d6200e58d226060

commit d39a025e3ff85e76554ca0574d6200e58d226060
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Tue Dec 05 21:07:10 2017

Reland "[CFI] Use ProtectedMemory in CertVerifyProcNSS"

This is a reland of d0de1771e390b7fdb3f7ebffc7b09ce67103afe1 now that crrev.com/00fb4b7ed96237cd71e7b81fd61b458f0c9c15b4 landed fixing the lock-up issue we previously saw.

Original change's description:
> [CFI] Use ProtectedMemory in CertVerifyProcNSS
>
> Because CertVerifyProcNSS dynamically resolves a pointer to the function
> CERT_CacheOCSPResponseFromSideChannel(), Control Flow Integrity [1]
> indirect call (cfi-icall) checking can not verify that it is the
> intended target for that function pointer call site.
>
> Since we can not use cfi-icall to check the function pointer, instead we
> place the pointer in ProtectedMemory, a wrapper for keeping variables in
> read-only memory except for when they are initialized. After setting the
> pointer in protected memory we can use the UnsanitizedCfiCall wrapper to
> disable cfi-icall checking when calling it since we know it can not be
> tampered with.
>
> [1] https://www.chromium.org/developers/testing/control-flow-integrity
>
> Bug: 771365
> Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
> Change-Id: I5d65b3591681f3daa917b6516eec1e5e47513d12
> Reviewed-on: https://chromium-review.googlesource.com/765098
> Reviewed-by: Peter Collingbourne <pcc@chromium.org>
> Reviewed-by: Eric Roman <eroman@chromium.org>
> Commit-Queue: Peter Collingbourne <pcc@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#517169}

Bug: 771365
Change-Id: I908d37ce805f6673f96f7eebdba22be45fe96912
Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
Reviewed-on: https://chromium-review.googlesource.com/783590
Reviewed-by: Eric Roman <eroman@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#521827}

[modify] https://crrev.com/d39a025e3ff85e76554ca0574d6200e58d226060/net/cert/cert_verify_proc_nss.cc
[modify] https://crrev.com/d39a025e3ff85e76554ca0574d6200e58d226060/net/cert/cert_verify_proc_nss.h
[modify] https://crrev.com/d39a025e3ff85e76554ca0574d6200e58d226060/tools/cfi/blacklist.txt
Dec 13 2017
Hi, the g_gdk_set_allowed_backends variable added in chrome/browser/ui/libgtkui/gtk_ui.cc is only used with GTK3 and should be gated by #if GTK_MAJOR_VERSION >= 3 or similar. The build currently fails when setting use_gtk3=false:
../../chrome/browser/ui/libgtkui/gtk_ui.cc:411:5: error: unused variable 'g_gdk_set_allowed_backends' [-Werror,-Wunused-variable]
g_gdk_set_allowed_backends;
^
1 error generated.
Dec 14 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/cf8ff3f91d4d3620a9134b3e5ff2ed6d3db17d0a

commit cf8ff3f91d4d3620a9134b3e5ff2ed6d3db17d0a
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Thu Dec 14 19:18:08 2017

Fix unused variable build failure

As brought up in crbug.com/771365, if this file was compiled with use_gtk3=false it would fail because the declaration of g_gdk_set_allowed_backends was not guarded by the same #if statement guarding its use.

Bug: 771365
Change-Id: Ib765cf8d59d7249aeb2f9cb1144121228edf826d
Reviewed-on: https://chromium-review.googlesource.com/826622
Reviewed-by: Marshall Greenblatt <marshall@chromium.org>
Reviewed-by: Elliot Glaysher <erg@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#524138}

[modify] https://crrev.com/cf8ff3f91d4d3620a9134b3e5ff2ed6d3db17d0a/chrome/browser/ui/libgtkui/gtk_ui.cc
Dec 15 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27

commit a71b54d85c18694c4c4ec34392f87c7d5c8a8f27
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Fri Dec 15 04:13:02 2017

[cfi-icall] Refactor GL g_driver_* to be CFI-safe

Control Flow Integrity [1] indirect call (cfi-icall) checking can not verify that dynamically resolved function pointers call their intended function. To account for this, we place the function pointers in the various g_driver_* structs in ProtectedMemory, a wrapper for keeping variables in read-only memory except for when they are initialized. Once they are set they can not be tampered with since the memory is set back to read-only.

The generated bindings in gl_bindings_autogen_*.cc are not aware of the fact that their implementation is held in protected memory, so instead of using base::UnsanitizedCfiCall() we mark the individual function stubs with __attribute__((no_sanitize("cfi-icall"))) to disable icall checks on the generated bindings since their function pointer calls are routed through protected memory.

[1] https://www.chromium.org/developers/testing/control-flow-integrity

Bug: 771365
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: I6bbf1b9a4122e1d00f6d2a365ae3730b4bb95a73
Reviewed-on: https://chromium-review.googlesource.com/770252
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Dan Sanders <sandersd@chromium.org>
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#524318}

[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/base/compiler_specific.h
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/gpu/command_buffer/service/passthrough_program_cache.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/gpu/command_buffer/service/texture_definition.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/media/gpu/dxva_video_decode_accelerator_win.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/media/gpu/v4l2/v4l2_slice_video_decode_accelerator.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/media/gpu/v4l2/v4l2_video_decode_accelerator.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/tools/cfi/blacklist.txt
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/egl_api_unittest.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/generate_bindings.py
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_bindings.h
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_bindings_autogen_egl.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_bindings_autogen_gl.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_bindings_autogen_glx.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_bindings_autogen_osmesa.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_bindings_autogen_wgl.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_context_glx_unittest.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_context_wgl.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_egl_api_implementation.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_fence.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_fence_egl.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_glx_api_implementation.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_osmesa_api_implementation.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_surface_egl.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_surface_glx.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_surface_wgl.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/gl_wgl_api_implementation.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/glx_api_unittest.cc
[modify] https://crrev.com/a71b54d85c18694c4c4ec34392f87c7d5c8a8f27/ui/gl/wgl_api_unittest.cc
,
Dec 15 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2fce2f6270fcbefb94fca2e227f5db192bbec7f0 commit 2fce2f6270fcbefb94fca2e227f5db192bbec7f0 Author: Eric Karl <ericrk@chromium.org> Date: Fri Dec 15 18:15:51 2017 Revert "[cfi-icall] Refactor GL g_driver_* to be CFI-safe" This reverts commit a71b54d85c18694c4c4ec34392f87c7d5c8a8f27. Reason for revert: Breaking the Linux Debug NVidia bot. See crbug.com/795332 for more details. Original change's description: > [cfi-icall] Refactor GL g_driver_* to be CFI-safe > > Control Flow Integrity [1] indirect call (cfi-icall) checking can not > verify that dynamically resolved function pointers call their intended > function. To account for this, we place the function pointers in the > various g_driver_* structs in ProtectedMemory, a wrapper for keeping > variables in read-only memory except for when they are initialized. > Once they are set they can not be tampered with since the memory is set > back to read-only. > > The generated bindings in gl_bindings_autogen_*.cc are not aware of the > fact that their implementation is held in protected memory, so instead > of using base::UnsanitizedCfiCall() we mark the individual function > stubs with __attribute__((no_sanitize("cfi-icall"))) to disable icall > checks on the generated bindings since their function pointer calls > are routed through protected memory. 
> > [1] https://www.chromium.org/developers/testing/control-flow-integrity > > Bug: 771365 > Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel > Change-Id: I6bbf1b9a4122e1d00f6d2a365ae3730b4bb95a73 > Reviewed-on: https://chromium-review.googlesource.com/770252 > Commit-Queue: Peter Collingbourne <pcc@chromium.org> > Reviewed-by: Dan Sanders <sandersd@chromium.org> > Reviewed-by: Dale Curtis <dalecurtis@chromium.org> > Reviewed-by: Peter Collingbourne <pcc@chromium.org> > Reviewed-by: Daniel Cheng <dcheng@chromium.org> > Reviewed-by: Kenneth Russell <kbr@chromium.org> > Cr-Commit-Position: refs/heads/master@{#524318} TBR=dcheng@chromium.org,dalecurtis@chromium.org,kbr@chromium.org,sandersd@chromium.org,pcc@chromium.org,vtsyrklevich@chromium.org Change-Id: Ib4a1eae5e9f01f5e9ddbb1fcc5c66fc0b91f1015 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 771365, 795332 Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel Reviewed-on: https://chromium-review.googlesource.com/830173 Reviewed-by: Eric Karl <ericrk@chromium.org> Commit-Queue: Eric Karl <ericrk@chromium.org> Cr-Commit-Position: refs/heads/master@{#524411} [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/base/compiler_specific.h [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/gpu/command_buffer/service/passthrough_program_cache.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/gpu/command_buffer/service/texture_definition.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/media/gpu/dxva_video_decode_accelerator_win.cc 
[modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/media/gpu/v4l2/v4l2_slice_video_decode_accelerator.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/media/gpu/v4l2/v4l2_video_decode_accelerator.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/tools/cfi/blacklist.txt [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/egl_api_unittest.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/generate_bindings.py [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_bindings.h [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_bindings_autogen_egl.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_bindings_autogen_gl.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_bindings_autogen_glx.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_bindings_autogen_osmesa.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_bindings_autogen_wgl.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_context_glx_unittest.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_context_wgl.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_egl_api_implementation.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_fence.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_fence_egl.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_glx_api_implementation.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_osmesa_api_implementation.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_surface_egl.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_surface_glx.cc [modify] 
https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_surface_wgl.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/gl_wgl_api_implementation.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/glx_api_unittest.cc [modify] https://crrev.com/2fce2f6270fcbefb94fca2e227f5db192bbec7f0/ui/gl/wgl_api_unittest.cc
,
Dec 15 2017
,
Dec 23 2017
,
Dec 23 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/70bdda1c7b9043f9776e63825b30ef60574994f3 commit 70bdda1c7b9043f9776e63825b30ef60574994f3 Author: Kenneth Russell <kbr@chromium.org> Date: Sat Dec 23 02:05:37 2017 [cfi-icall] Fix ProtectedMemory usage for ANGLE icall. Resetting the g_angle_reset_platform function pointer was incorrectly requesting writable memory for g_angle_get_platform. BUG=782471, 771365 TBR=pcc@chromium.org Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel Change-Id: I3c558f813f84a6495dfe530129515b36f20dfd2b Reviewed-on: https://chromium-review.googlesource.com/843634 Commit-Queue: Kenneth Russell <kbr@chromium.org> Reviewed-by: Kenneth Russell <kbr@chromium.org> Cr-Commit-Position: refs/heads/master@{#526128} [modify] https://crrev.com/70bdda1c7b9043f9776e63825b30ef60574994f3/ui/gl/angle_platform_impl.cc
,
Jan 11 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5b2add5df2e004b1eca22685ed550fb10e3acf9b commit 5b2add5df2e004b1eca22685ed550fb10e3acf9b Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org> Date: Thu Jan 11 23:23:47 2018 [CFI] Make call to GTK function CFI-icall safe Control Flow Integrity [1] indirect call (cfi-icall) checking can not verify that dynamically resolved function pointers call their intended function. Instead we place the function pointer in ProtectedMemory, a wrapper for keeping variables in read-only memory except for when they are initialized. After setting the pointer in protected memory we can use the UnsanitizedCfiCall wrapper to disable cfi-icall checking when calling it since we know it can not be tampered with. [1] https://www.chromium.org/developers/testing/control-flow-integrity Bug: 771365 Change-Id: I4fc06455cf790115080a98a738e93bff65d28d95 Reviewed-on: https://chromium-review.googlesource.com/817943 Reviewed-by: Elliot Glaysher <erg@chromium.org> Reviewed-by: Peter Collingbourne <pcc@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Commit-Position: refs/heads/master@{#528809} [modify] https://crrev.com/5b2add5df2e004b1eca22685ed550fb10e3acf9b/chrome/browser/ui/libgtkui/gtk_util.cc [modify] https://crrev.com/5b2add5df2e004b1eca22685ed550fb10e3acf9b/tools/cfi/blacklist.txt
,
Mar 7 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/23f850392d7320b650e089f3e8ff9cf23a9d3ca7 commit 23f850392d7320b650e089f3e8ff9cf23a9d3ca7 Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org> Date: Wed Mar 07 20:46:16 2018 [CFI] Port ProtectedMemory to Windows Implement platform-specific ProtectedMemory behavior, specifically implement setting memory read-only/read-write, checking whether a given pointer points to read-only memory, and identifying the beginning and end points for the protected memory section. Bug: 771365 Change-Id: I814ed932f3b57dc674ae342f79622fc84c92c351 Reviewed-on: https://chromium-review.googlesource.com/765009 Reviewed-by: Nico Weber <thakis@chromium.org> Reviewed-by: Brett Wilson <brettw@chromium.org> Reviewed-by: Peter Collingbourne <pcc@chromium.org> Reviewed-by: Will Harris <wfh@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Commit-Position: refs/heads/master@{#541567} [modify] https://crrev.com/23f850392d7320b650e089f3e8ff9cf23a9d3ca7/base/BUILD.gn [add] https://crrev.com/23f850392d7320b650e089f3e8ff9cf23a9d3ca7/base/memory/protected_memory.cc [modify] https://crrev.com/23f850392d7320b650e089f3e8ff9cf23a9d3ca7/base/memory/protected_memory.h [modify] https://crrev.com/23f850392d7320b650e089f3e8ff9cf23a9d3ca7/base/memory/protected_memory_cfi.h [modify] https://crrev.com/23f850392d7320b650e089f3e8ff9cf23a9d3ca7/base/memory/protected_memory_posix.cc [add] https://crrev.com/23f850392d7320b650e089f3e8ff9cf23a9d3ca7/base/memory/protected_memory_win.cc
,
Apr 9 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/daf551db4efcd7c443eb8ea92bd5d250340092b8 commit daf551db4efcd7c443eb8ea92bd5d250340092b8 Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org> Date: Mon Apr 09 20:05:17 2018 [CFI] Fix cfi-icall regression Control Flow Integrity [1] indirect call checking verifies that function pointers only call valid functions with a matching type signature. It can't verify dynamically resolved function pointers; instead we store them in ProtectedMemory and call them using base::UnsanitizedCfiCall() to disable cfi-icall checks. [1] https://www.chromium.org/developers/testing/control-flow-integrity BUG=771365 Change-Id: I79b4c8a2bb6b7a77ff35860e7d4f7ad226745dca Reviewed-on: https://chromium-review.googlesource.com/1000426 Reviewed-by: Thomas Anderson <thomasanderson@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Commit-Position: refs/heads/master@{#549250} [modify] https://crrev.com/daf551db4efcd7c443eb8ea92bd5d250340092b8/ui/views/widget/desktop_aura/desktop_screen_x11.cc
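The ProtectedMemory pattern these commits describe (a pointer resolved at runtime, kept in memory that is read-only except during initialization, then dispatched from one site with cfi-icall checking disabled), as an added Linux example that is not Chromium's code: DriverTable, ProtectedDriver and the other names are constructed here, ResolveSymbol stands in for dlsym() so the block runs offline, and the /proc/self/maps read-only check before dispatch is this example's own design rather than base::ProtectedMemory's.

```cpp
#include <sys/mman.h>
#include <cstdio>
#include <cstring>
#include <fstream>
#include <string>
#if defined(__clang__)
#define NO_CFI_ICALL __attribute__((no_sanitize("cfi-icall")))  // per-function opt-out, as used on the GL stubs
#else
#define NO_CFI_ICALL  // GCC has no cfi-icall sanitizer
#endif

typedef int (*ScaleFn)(int);
struct DriverTable { ScaleFn scale; };  // hypothetical stand-in for a g_driver_* struct

// Whole-page container, so mprotect() on it cannot touch other globals
// (16 KiB alignment satisfies both 4 KiB and 16 KiB page sizes).
struct alignas(16384) ProtectedDriver { DriverTable table; };
static ProtectedDriver g_protected;  // lives in .bss: writable until InitDriver() seals it

static bool SetWritable(bool w) {
  return mprotect(&g_protected, sizeof(g_protected), w ? PROT_READ | PROT_WRITE : PROT_READ) == 0;
}

// Reports whether the mapping holding ptr is r-- / r-x, by reading /proc/self/maps.
bool IsReadOnly(const void* ptr) {
  unsigned long addr = reinterpret_cast<unsigned long>(ptr), start, end;
  char perms[5];
  std::ifstream maps("/proc/self/maps");
  for (std::string line; std::getline(maps, line);) {
    if (sscanf(line.c_str(), "%lx-%lx %4s", &start, &end, perms) != 3) continue;
    if (addr >= start && addr < end) return perms[0] == 'r' && perms[1] == '-';
  }
  return false;  // unmapped or unparsable: treat as unprotected
}

static int ScaleImpl(int v) { return v * 2; }
// Stand-in for dlsym(): a constructed lookup so the example needs no shared library.
static ScaleFn ResolveSymbol(const char* name) { return strcmp(name, "scale") == 0 ? &ScaleImpl : nullptr; }

bool InitDriver() {
  if (!SetWritable(true)) return false;                              // open the write window
  g_protected.table.scale = ResolveSymbol("scale");
  return SetWritable(false) && g_protected.table.scale != nullptr;   // and seal it again
}

const void* ProtectedTableAddress() { return &g_protected; }

// Sole dispatch point, in the role the commits give base::UnsanitizedCfiCall();
// this example additionally refuses to call through a table that is still writable.
NO_CFI_ICALL bool CallScale(int x, int* out) {
  if (!IsReadOnly(&g_protected) || g_protected.table.scale == nullptr) return false;
  *out = g_protected.table.scale(x);
  return true;
}
```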
,
Aug 3
This bug has an owner, thus, it's been triaged. Changing status to "assigned".
Comment 1 by vtsyrklevich@chromium.org, Oct 9 2017