[Build] Disable build-time untrusted code mitigations on non-Android platforms and ia32.

Non-Android platforms are protected in Chrome by site isolation, therefore we can disable the untrusted code mitigations. We still enable them on Android, and on simulator builds since that is where we do much of the correctness testing for Android. Mitigations for ia32 are disabled since they conflict with upcoming work on an ia32 root register. BUG=chromium:860429, v8:6666 Change-Id: I7831071ec1c4490b7d303314c53c27078fa04979 Reviewed-on: https://chromium-review.googlesource.com/c/1276470Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#56753}

[Build] Disable build-time untrusted code mitigations on non-Android platforms and ia32.
Non-Android platforms are protected in Chrome by site isolation, therefore we can disable the untrusted code mitigations. We still enable them on Android, and on simulator builds since that is where we do much of the correctness testing for Android. Mitigations for ia32 are disabled since they conflict with upcoming work on an ia32 root register. BUG=chromium:860429, v8:6666 Change-Id: I7831071ec1c4490b7d303314c53c27078fa04979 Reviewed-on: https://chromium-review.googlesource.com/c/1276470Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#56753}
bac7dad6 · Ross McIlroy · Commit Bot · 51688352 · bac7dad6
Commit bac7dad6 authored Oct 17, 2018 by Ross McIlroy Committed by Commit Bot Oct 18, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 6 deletions

BUILD.gn BUILD.gn +12 -6

No files found.
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -18,6 +18,12 @@ if (is_android) {
 import("gni/v8.gni")
 import("snapshot_toolchain.gni")

+# Specifies if the target build is a simulator build. Comparing target cpu
+# with v8 target cpu to not affect simulator builds for making cross-compile
+# snapshots.
+is_target_simulator = (target_cpu != v8_target_cpu && !v8_multi_arch_build) ||
+                      (current_cpu != v8_current_cpu && v8_multi_arch_build)
+
 declare_args() {
  # Print to stdout on Android.
  v8_android_log_stdout = false
@@ -157,7 +163,12 @@ declare_args() {
  v8_check_microtasks_scopes_consistency = ""

  # Enable mitigations for executing untrusted code.
-  v8_untrusted_code_mitigations = true
+  # Disabled by default on ia32 due to conflicting requirements with embedded
+  # builtins. Enabled by default on Android since it doesn't support
+  # site-isolation in Chrome and on simulator builds which test code generation
+  # on these platforms.
+  v8_untrusted_code_mitigations =
+      v8_current_cpu != "x86" && (is_android || is_target_simulator)

  # Enable minor mark compact.
  v8_enable_minor_mc = true
@@ -210,11 +221,6 @@ assert(
        !v8_untrusted_code_mitigations,
    "Embedded builtins on ia32 and untrusted code mitigations are incompatible")

-# Specifies if the target build is a simulator build. Comparing target cpu
-# with v8 target cpu to not affect simulator builds for making cross-compile
-# snapshots.
-is_target_simulator = target_cpu != v8_target_cpu
-
 v8_random_seed = "314159265"
 v8_toolset_for_shell = "host"