[CFI] Enable cfi-icall for official Linux x64 builds

The measured size impact is 1.5% and perf impact is ~1%. Bug: 701919 Change-Id: I541242711bc85cc124ff3a2680171577e75475bd Reviewed-on: https://chromium-review.googlesource.com/1033918 Commit-Queue: Peter Collingbourne <pcc@chromium.org> Reviewed-by: Peter Collingbourne <pcc@chromium.org> Reviewed-by: Dirk Pranke <dpranke@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#554828} Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src Cr-Mirrored-Commit: a6889a090458a2653794c6e63387d6db743dc7f9
2018-04-30 18:52:52 +00:00 · 2018-04-30 18:52:52 +00:00 · b585f5817f
--- a/config/sanitizers/sanitizers.gni
+++ b/config/sanitizers/sanitizers.gni
@ -61,7 +61,8 @@ declare_args() {
  # Enable checks for indirect function calls via a function pointer.
  # TODO(pcc): remove this when we're ready to add these checks by default.
  # https://crbug.com/701919
-  use_cfi_icall = false
+  use_cfi_icall = target_os == "linux" && !is_chromeos && target_cpu == "x64" &&
+                  is_official_build

  # Print detailed diagnostics when Control Flow Integrity detects a violation.
  use_cfi_diag = false