Everyone seems to be starting from the assumption that something bad is happening, and grasping at anything possible, including far beyond even the spirit of the license, to reaffirm that assumption. It's tiring.
Conversation
I don't think something bad is happening. You were trying to find a way to get funding and make the software sustainable. It seems to be at least partially working and publishing everything for free wasn't doing that for you. I don't have a problem with the approach.
2
3
If following the gpl isn't working for a company then producing derivative works of gpl'd software is not the right line of business for them.
2
They give their customers the source code. If they want to publish it they're legally allowed to do it. It's not as helpful as it seems to get a leaked copy of a massive patch, especially when most upstream work is based on Clang and the most interesting pieces are GCC plugins.
2
1
You could give upstream the latest release of RAP but it wouldn't mean they would understand it and be able to maintain it. It can't simply be merged with no one developing / maintaining it. That is essentially what they did with a few plugins but they're much smaller/simpler.
2
RAP was publicly available including the deterministic hash-based forward and backward edge protection. It doesn't really seem like anyone else learned anything from it. The state of the art elsewhere is the much slower Clang CFI which leaves backward edge CFI to something else.
1
The backward edge protection is SafeStack, which has issues. There's ways around SafeStack and it's in an incomplete state. It doesn't protect shared objects, only application code.
I've done some work in hbsd to get shared object support working, but my priorities keep shifting
1
The shared object support needs tight integration with both the RTLD and libc, in somewhat similar fashion as SSP, but a bit more complex.
If I remember correctly, setjmp/longjmp is still an issue with SafeStack.
1
SafeStack wasn't really meant to be used with Clang CFI. It was meant to be used as part of a broader CPI feature which was never finished or landed.
Android started adopting SafeStack including shared object support. It was dropped and it now uses ShadowCallStack instead.
2
1
SafeStack has serious issues with leaks since it uses the main thread stack as the main safe stack but there are assorted pointers to data libc places in it.
Android uses cross-DSO CFI and ShadowCallStack for both the kernel and userspace. ShadowCallStack is arm64 only though.
2
1
It didn't work as intended on x86 since it has stack-based return addresses and they were still returning that way so there was a race. They didn't want to do something more invasive and it wasn't specifically for kernel where they could make stacks inaccessible to other threads.
arm64 is all that really matters to Android for the foreseeable future. There will be CET on x86 providing hardware shadow stack support and arm64 will be able to use ARMv8.5 / ARMv9 MTE (memory tagging) to make ShadowCallStack more secure if they decide to figure that out.
2
1
I'd like to see us provide Intel CET support, but we also need to provide for non-Intel systems and systems that don't support CET.