From patchwork Thu Nov 28 15:43:19 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adhemerval Zanella <adhemerval.zanella@linaro.org>
X-Patchwork-Id: 845946
Delivered-To: patch@linaro.org
Received: by 2002:adf:f2c4:0:b0:382:43a8:7b94 with SMTP id d4csp314209wrp;
 Thu, 28 Nov 2024 07:47:00 -0800 (PST)
X-Forwarded-Encrypted: i=3;
 AJvYcCXnDBxOsUB+CNcHfpgy4p0fJjj1GFputWzUleAa1fsoZ9kGNrMhIwMtQT4PxMgn+zCb9aHtJg==@linaro.org
X-Google-Smtp-Source: AGHT+IFmymYC76G/0S+96ZodBrcMsh80QMi3jNVovj4dboJHWEusvjm29xCgWrNQUGipfOjqwdGv
X-Received: by 2002:ad4:4ee5:0:b0:6d4:10fd:3a36 with SMTP id
 6a1803df08f44-6d872971304mr54984636d6.7.1732808820032;
 Thu, 28 Nov 2024 07:47:00 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1732808820; cv=pass;
 d=google.com; s=arc-20240605;
 b=C2N8FEYP93S4mz4XdLM2Bq0E/XfotVW49qK1IiRnq56FmbQnydttVq0X7qg5k1825i
 51vPHgrdx/pQO9T7r5pHxQk928AudaUUtNEOJZnsO+mdY1LLYMIV7Gt6BMMuEIr9O5nB
 nMmbsAqkS0uuEKkHJbmR/KiLQ6wgmP87oLoVPc0QG+imlo37jn+J8A1TunRVf+UpxW3P
 dr7s9rnQWHa5WyhX2jvqElZKMo4XJSmY3esd1V7VtKSCuuaOcsV5o0N2M7ntaDlhCDdg
 w+oEmjOar6AiR42RDS4ptrodk8c3Bygx7agpfAdxXx1z+i2gX3K+G9pN1Kl+82gnUhI2
 kyHQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
 h=errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:cc:to
 :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter
 :delivered-to:dkim-filter;
 bh=mZWx1xaZLZn41m3WH17PRq7U7/O1vVcuXt997A/8/Xw=;
 fh=JruiOR+n5wiv4jZbtXJYp9lJ8UkedxUHyGOCC37Fjus=;
 b=k6EcYecP8WUzPdtckQ0An7KNeqxA5fFTyRROCd5hFjyZ+dzHrsX6feEBwVIpjzWoPc
 XePCWzey+3rg7IEH2UqueQP66N3tBjKfqz6pM+QK8Xo7woDRXKnguL/p/7uZ7l0oaYBX
 Erbw+1zsRB4rOM2aQ0Hv3CSo2qH7xWtYsVpvTmuDib0XtKi89qNuuXN4sBNgwjtapMTT
 GQQQcj4Vw54IRLjQVwJzvITkcVw6IDYwkD3BMppkBoWyshU/c+mnIZ16onaVgbJqMgY0
 2aMIoZDsjYckZXbrsRjdO3gGyFuD0LplUpaiyeh3xAef3CyavRM3KVEooKi86432zKMh
 9SqQ==; dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=TnTLI+zk;
 arc=pass (i=1); spf=pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="binutils-bounces~patch=linaro.org@sourceware.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <binutils-bounces~patch=linaro.org@sourceware.org>
Received: from server2.sourceware.org (server2.sourceware.org.
 [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id
 6a1803df08f44-6d8751ab1dasi19337076d6.49.2024.11.28.07.46.59
 for <patch@linaro.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 28 Nov 2024 07:47:00 -0800 (PST)
Received-SPF: pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 client-ip=2620:52:3:1:0:246e:9693:128c;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=TnTLI+zk;
 arc=pass (i=1); spf=pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="binutils-bounces~patch=linaro.org@sourceware.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
 by sourceware.org (Postfix) with ESMTP id 82BC03858C35
 for <patch@linaro.org>; Thu, 28 Nov 2024 15:46:59 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 82BC03858C35
Authentication-Results: sourceware.org; dkim=pass (2048-bit key,
 unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256
 header.s=google header.b=TnTLI+zk
X-Original-To: binutils@sourceware.org
Delivered-To: binutils@sourceware.org
Received: from mail-pl1-x643.google.com (mail-pl1-x643.google.com
 [IPv6:2607:f8b0:4864:20::643])
 by sourceware.org (Postfix) with ESMTPS id 6B7FD3858CDA
 for <binutils@sourceware.org>; Thu, 28 Nov 2024 15:45:19 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6B7FD3858CDA
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 6B7FD3858CDA
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=2607:f8b0:4864:20::643
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732808724; cv=none;
 b=UIXNyvi2TFp0mi3Ur6+cUzzir8UCmAG6mJ8hbO3T9d+ADCRxbVdWeU1PrmfdHJ+Ck0ZQ6jNpximeLBJVIzXngsgtVEIjvo6fqfHc3BFQ5/ZIZgKtCOr2sfh4bHlFSlk+eQFYGu9nCS7ZawZvDjMk9y/tGWFR6ivyjMY4yXfR6iM=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1732808724; c=relaxed/simple;
 bh=QZbZ5UH388WBckRIor8zDJYgJwfzJNn+taLwf+9ZrZ0=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=qbvs3FWskMjYpu5iwRVHl3spOWsJGo3ziwKoI9YR/D6ZM4KAzsvkb/rB3cvX+GM8ZRRH2BWSD+ooAXcPrvvJ45qS7IxywJ2sfUyooUn5WTSVe+gdxK3l6taHAuf5J1xIaEtbWppiPvN3ZTlTCQd3KJc6yM8jVeNcJbbH7sCNLiE=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6B7FD3858CDA
Received: by mail-pl1-x643.google.com with SMTP id
 d9443c01a7336-2120f9ec28eso7728585ad.1
 for <binutils@sourceware.org>; Thu, 28 Nov 2024 07:45:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1732808718; x=1733413518; darn=sourceware.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=mZWx1xaZLZn41m3WH17PRq7U7/O1vVcuXt997A/8/Xw=;
 b=TnTLI+zkL60KPMK4aPdF+t1tyWFEVVatF2PiDa13JxLBv4qPMHxY5oOrYx+3imh7mB
 k2fZcG0yR8krJNo2DVfO3GKKyoNn/hLz64OIA07d7uasPGPoTuycXlSsKcUdUplsVTPg
 G9YmFxNo5WmQkZRpr5G9LIOW3Ux61HGdoN++c4CrhZWwXHVZgYqH131aDVyzsyBWRiI7
 kdwGx3kw6Oc5IXWOnNQJDaqNMAGnCCDz90ZHDHbftJBqg4ZK+vxopW10xw998IjZ2AsJ
 iACLvjqFUg4vQuVF4uVkLI4ekSji0w6vob76+4r6shT0K7UdpFkvuDylnS2saKZTyGFS
 Oj5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1732808718; x=1733413518;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=mZWx1xaZLZn41m3WH17PRq7U7/O1vVcuXt997A/8/Xw=;
 b=vf0afVpNlPPymscr9pbv3XypoOz1mT2SLTli7VA3KXUBPsejZa8uz6/o5osSmwAPJ8
 kCY8S0wPSFcjxMidm418GlqroZW1hX+cZ2qhSlnWC3lMcqk4QrEWmxIXkZYptoGgZN0z
 4BzoxWPRRxQuYpZIHma1dKdEycir8nN6gvkGOwLsvXMFryw+T1S4ihKt9vF36My4BDar
 1boczP+BMG3sRCjBKSf5PLK4oS7m86JMMRvd7qQtNcjzEL500M7rfUqW8SWUdUMSiPH+
 yntR1VvHIKzn4Kis8lprVbv5z4rpzRYC9sJ4n6huvoZdlig/D+XiMJpCH198T1tDdKra
 hpAQ==
X-Gm-Message-State: AOJu0YzttPZIyilIGmnK3971Jy34e5+nrheJvsOGL+2ZCt41/TvbISMN
 vyG26D9sxIlPS5eo1LFnzYjMiB8xMtAhWUhxywZi0OJp3PZHL0COhLUdpBsDaRefcwJ6D+3Gyhp
 b2L88cuKl
X-Gm-Gg: ASbGncvEbeO6iie/0mHD02c548E531zp+asz/khckffc9VmtPEPqDxQi1H+J1mT9ysg
 6l+P9BFgBshkZFAFLgg/QLc1n5NZuboCO5OQDXRr8yCP6WwlBQuSapYuAsH5sA5uEv1k32WQ/+a
 DPvrxm4/36q6iSqfXEZqma7khqCnbT+3eYz4UkChoTFGfmJyXMLWIr9NhmfLkJgRtVW2Oh7zZBK
 EDl8KoJzU8WCtDlHMlu4TCdnhiSFvsR+lKKEdRTNdS09t1TI33Mx/dtE73QulI=
X-Received: by 2002:a17:902:f644:b0:212:3f13:d4bc with SMTP id
 d9443c01a7336-2151d898654mr57940905ad.27.1732808717953;
 Thu, 28 Nov 2024 07:45:17 -0800 (PST)
Received: from mandiga.. ([2804:1b3:a7c1:68c8:2c85:3a76:728e:ead2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21521985773sm14877405ad.199.2024.11.28.07.45.16
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 28 Nov 2024 07:45:17 -0800 (PST)
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: binutils@sourceware.org
Cc: Jeff Xu <jeffxu@google.com>,
	"H . J . Lu" <hjl.tools@gmail.com>
Subject: [PATCH v4 1/3] elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property
Date: Thu, 28 Nov 2024 12:43:19 -0300
Message-ID: <20241128154511.564500-2-adhemerval.zanella@linaro.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20241128154511.564500-1-adhemerval.zanella@linaro.org>
References: <20241128154511.564500-1-adhemerval.zanella@linaro.org>
MIME-Version: 1.0
X-BeenThere: binutils@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Binutils mailing list <binutils.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils>,
 <mailto:binutils-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils/>
List-Post: <mailto:binutils@sourceware.org>
List-Help: <mailto:binutils-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils>,
 <mailto:binutils-request@sourceware.org?subject=subscribe>
Errors-To: binutils-bounces~patch=linaro.org@sourceware.org

The GNU_PROPERTY_MEMORY_SEAL gnu property is a way to mark binaries
to be memory-sealed by the loader, to avoid further changes of
PT_LOAD segments (such as unmapping or changing permission flags).
This is done along with Linux kernel (the mseal syscall [1]), and
C runtime supports to instruct the kernel on the correct time to
seal the mapping during program startup (for instance, after
RELRO setup).  This support is added along the glibc support to
handle the new gnu property [2].

This is a opt-in security features, like other security hardening
ones like NX-stack or RELRO.

The new property is ignored if present on ET_REL objects, and only
added on ET_EXEC/ET_DYN if the linker option is used.  A gnu property
is used instead of DT_FLAGS_1 flag to allow memory sealing to work
with ET_EXEC without PT_DYNAMIC support (at least on glibc some ports
still do no support static-pie).

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8be7258aad44b5e25977a98db136f677fa6f4370
[2] https://sourceware.org/pipermail/libc-alpha/2024-September/160291.html

Change-Id: Id47fadabecd24be0e83cff45653f7ce9a900ecf4
---
 bfd/elf-properties.c                  | 85 +++++++++++++++++++++------
 bfd/elfxx-x86.c                       |  3 +-
 binutils/readelf.c                    |  6 ++
 include/bfdlink.h                     |  3 +
 include/elf/common.h                  |  1 +
 ld/NEWS                               |  3 +
 ld/emultempl/elf.em                   |  4 ++
 ld/ld.texi                            |  8 +++
 ld/lexsup.c                           |  4 ++
 ld/testsuite/ld-elf/property-seal-1.d | 16 +++++
 ld/testsuite/ld-elf/property-seal-1.s | 11 ++++
 ld/testsuite/ld-elf/property-seal-2.d | 17 ++++++
 ld/testsuite/ld-elf/property-seal-3.d | 16 +++++
 ld/testsuite/ld-elf/property-seal-4.d | 16 +++++
 ld/testsuite/ld-elf/property-seal-5.d | 15 +++++
 ld/testsuite/ld-elf/property-seal-6.d | 16 +++++
 ld/testsuite/ld-elf/property-seal-7.d | 14 +++++
 ld/testsuite/ld-elf/property-seal-8.d | 15 +++++
 18 files changed, 235 insertions(+), 18 deletions(-)
 create mode 100644 ld/testsuite/ld-elf/property-seal-1.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-1.s
 create mode 100644 ld/testsuite/ld-elf/property-seal-2.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-3.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-4.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-5.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-6.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-7.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-8.d

diff --git a/bfd/elf-properties.c b/bfd/elf-properties.c
index ee8bd37f2bd..dbbd387fddc 100644
--- a/bfd/elf-properties.c
+++ b/bfd/elf-properties.c
@@ -177,6 +177,20 @@ _bfd_elf_parse_gnu_properties (bfd *abfd, Elf_Internal_Note *note)
 	      prop->pr_kind = property_number;
 	      goto next;
 
+	    case GNU_PROPERTY_MEMORY_SEAL:
+	      if (datasz != 0)
+		{
+		  _bfd_error_handler
+		    (_("warning: %pB: corrupt memory sealing size: 0x%x"),
+		     abfd, datasz);
+		  /* Clear all properties.  */
+		  elf_properties (abfd) = NULL;
+		  return false;
+		}
+	      prop = _bfd_elf_get_property (abfd, type, datasz);
+	      prop->pr_kind = property_number;
+	      goto next;
+
 	    default:
 	      if ((type >= GNU_PROPERTY_UINT32_AND_LO
 		   && type <= GNU_PROPERTY_UINT32_AND_HI)
@@ -254,6 +268,7 @@ elf_merge_gnu_properties (struct bfd_link_info *info, bfd *abfd, bfd *bbfd,
       /* FALLTHROUGH */
 
     case GNU_PROPERTY_NO_COPY_ON_PROTECTED:
+    case GNU_PROPERTY_MEMORY_SEAL:
       /* Return TRUE if APROP is NULL to indicate that BPROP should
 	 be added to ABFD.  */
       return aprop == NULL;
@@ -607,6 +622,33 @@ elf_write_gnu_properties (struct bfd_link_info *info,
     }
 }
 
+static asection *
+_bfd_elf_link_create_gnu_property_sec (struct bfd_link_info *info, bfd *elf_bfd,
+				       unsigned int elfclass)
+{
+  asection *sec;
+
+  sec = bfd_make_section_with_flags (elf_bfd,
+				     NOTE_GNU_PROPERTY_SECTION_NAME,
+				     (SEC_ALLOC
+				      | SEC_LOAD
+				      | SEC_IN_MEMORY
+				      | SEC_READONLY
+				      | SEC_HAS_CONTENTS
+				      | SEC_DATA));
+  if (sec == NULL)
+    info->callbacks->einfo (_("%F%P: failed to create GNU property section\n"));
+
+  if (!bfd_set_section_alignment (sec,
+				  elfclass == ELFCLASS64 ? 3 : 2))
+    info->callbacks->einfo (_("%F%pA: failed to align section\n"),
+			    sec);
+
+  elf_section_type (sec) = SHT_NOTE;
+  return sec;
+}
+
+
 /* Set up GNU properties.  Return the first relocatable ELF input with
    GNU properties if found.  Otherwise, return NULL.  */
 
@@ -656,23 +698,7 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info)
       /* Support -z indirect-extern-access.  */
       if (first_pbfd == NULL)
 	{
-	  sec = bfd_make_section_with_flags (elf_bfd,
-					     NOTE_GNU_PROPERTY_SECTION_NAME,
-					     (SEC_ALLOC
-					      | SEC_LOAD
-					      | SEC_IN_MEMORY
-					      | SEC_READONLY
-					      | SEC_HAS_CONTENTS
-					      | SEC_DATA));
-	  if (sec == NULL)
-	    info->callbacks->einfo (_("%F%P: failed to create GNU property section\n"));
-
-	  if (!bfd_set_section_alignment (sec,
-					  elfclass == ELFCLASS64 ? 3 : 2))
-	    info->callbacks->einfo (_("%F%pA: failed to align section\n"),
-				    sec);
-
-	  elf_section_type (sec) = SHT_NOTE;
+	  sec = _bfd_elf_link_create_gnu_property_sec (info, elf_bfd, elfclass);
 	  first_pbfd = elf_bfd;
 	  has_properties = true;
 	}
@@ -690,6 +716,31 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info)
 	  |= GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS;
     }
 
+  if (elf_bfd != NULL)
+    {
+      if (info->memory_seal)
+	{
+	  /* Support -z no-memory-seal.  */
+	  if (first_pbfd == NULL)
+	    {
+	      sec = _bfd_elf_link_create_gnu_property_sec (info, elf_bfd, elfclass);
+	      first_pbfd = elf_bfd;
+	      has_properties = true;
+	    }
+
+	  p = _bfd_elf_get_property (first_pbfd, GNU_PROPERTY_MEMORY_SEAL, 0);
+	  if (p->pr_kind == property_unknown)
+	    {
+	      /* Create GNU_PROPERTY_NO_MEMORY_SEAL.  */
+	      p->u.number = GNU_PROPERTY_MEMORY_SEAL;
+	      p->pr_kind = property_number;
+	    }
+	}
+      else
+	elf_find_and_remove_property (&elf_properties (elf_bfd),
+				      GNU_PROPERTY_MEMORY_SEAL, true);
+    }
+
   /* Do nothing if there is no .note.gnu.property section.  */
   if (!has_properties)
     return NULL;
diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
index 0843803171b..be1ce8f61c4 100644
--- a/bfd/elfxx-x86.c
+++ b/bfd/elfxx-x86.c
@@ -4896,7 +4896,8 @@ _bfd_x86_elf_link_fixup_gnu_properties
   for (p = *listp; p; p = p->next)
     {
       unsigned int type = p->property.pr_type;
-      if (type == GNU_PROPERTY_X86_COMPAT_ISA_1_USED
+      if (type == GNU_PROPERTY_MEMORY_SEAL
+	  || type == GNU_PROPERTY_X86_COMPAT_ISA_1_USED
 	  || type == GNU_PROPERTY_X86_COMPAT_ISA_1_NEEDED
 	  || (type >= GNU_PROPERTY_X86_UINT32_AND_LO
 	      && type <= GNU_PROPERTY_X86_UINT32_AND_HI)
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 73163e0ee21..a25487c3335 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -21457,6 +21457,12 @@ print_gnu_property_note (Filedata * filedata, Elf_Internal_Note * pnote)
 		printf (_("<corrupt length: %#x> "), datasz);
 	      goto next;
 
+	    case GNU_PROPERTY_MEMORY_SEAL:
+	      printf ("memory seal ");
+	      if (datasz)
+		printf (_("<corrupt length: %#x> "), datasz);
+	      goto next;
+
 	    default:
 	      if ((type >= GNU_PROPERTY_UINT32_AND_LO
 		   && type <= GNU_PROPERTY_UINT32_AND_HI)
diff --git a/include/bfdlink.h b/include/bfdlink.h
index f802ec627ef..8b9e391e6ff 100644
--- a/include/bfdlink.h
+++ b/include/bfdlink.h
@@ -429,6 +429,9 @@ struct bfd_link_info
   /* TRUE if only one read-only, non-code segment should be created.  */
   unsigned int one_rosegment: 1;
 
+  /* TRUE if GNU_PROPERTY_MEMORY_SEAL should be generated.  */
+  unsigned int memory_seal: 1;
+
   /* Nonzero if .eh_frame_hdr section and PT_GNU_EH_FRAME ELF segment
      should be created.  1 for DWARF2 tables, 2 for compact tables.  */
   unsigned int eh_frame_hdr_type: 2;
diff --git a/include/elf/common.h b/include/elf/common.h
index c9920e7731a..8938e2f4754 100644
--- a/include/elf/common.h
+++ b/include/elf/common.h
@@ -890,6 +890,7 @@
 /* Values used in GNU .note.gnu.property notes (NT_GNU_PROPERTY_TYPE_0).  */
 #define GNU_PROPERTY_STACK_SIZE			1
 #define GNU_PROPERTY_NO_COPY_ON_PROTECTED	2
+#define GNU_PROPERTY_MEMORY_SEAL		3
 
 /* A 4-byte unsigned integer property: A bit is set if it is set in all
    relocatable inputs.  */
diff --git a/ld/NEWS b/ld/NEWS
index 47b5803a36f..babcf8753e8 100644
--- a/ld/NEWS
+++ b/ld/NEWS
@@ -33,6 +33,9 @@ Changes in 2.43:
 
 * Add -plugin-save-temps to store plugin intermediate files permanently.
 
+* Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the
+  object to memory sealed.
+
 Changes in 2.42:
 
 * Add -z mark-plt/-z nomark-plt options to x86-64 ELF linker to mark PLT
diff --git a/ld/emultempl/elf.em b/ld/emultempl/elf.em
index dae610e07a2..b2d281f96c7 100644
--- a/ld/emultempl/elf.em
+++ b/ld/emultempl/elf.em
@@ -1083,6 +1083,10 @@ fragment <<EOF
 	link_info.combreloc = false;
       else if (strcmp (optarg, "nocopyreloc") == 0)
 	link_info.nocopyreloc = true;
+      else if (strcmp (optarg, "memory-seal") == 0)
+       link_info.memory_seal = true;
+      else if (strcmp (optarg, "nomemory-seal") == 0)
+       link_info.memory_seal = false;
 EOF
 if test -n "$COMMONPAGESIZE"; then
 fragment <<EOF
diff --git a/ld/ld.texi b/ld/ld.texi
index f1594043bfa..2610154b328 100644
--- a/ld/ld.texi
+++ b/ld/ld.texi
@@ -1590,6 +1590,14 @@ Disable relocation overflow check.  This can be used to disable
 relocation overflow check if there will be no dynamic relocation
 overflow at run-time.  Supported for x86_64.
 
+@item memory-seal
+@item nomemory-seal
+Instruct the executable or shared library that the all PT_LOAD segments
+should be sealed to avoid further manipulation (such as changing the
+protection flags, the segment size, or remove the mapping).
+This is a security hardening that requires system support.  This
+generates GNU_PROPERTY_MEMORY_SEAL in .note.gnu.property section
+
 @item now
 When generating an executable or shared library, mark it to tell the
 dynamic linker to resolve all symbols when the program is started, or
diff --git a/ld/lexsup.c b/ld/lexsup.c
index 533535c2b89..2bc7c953798 100644
--- a/ld/lexsup.c
+++ b/ld/lexsup.c
@@ -2265,6 +2265,10 @@ elf_shlib_list_options (FILE *file)
       fprintf (file, _("\
   -z textoff                  Don't treat DT_TEXTREL in output as error\n"));
     }
+  fprintf (file, _("\
+  -z memory-seal              Mark object be memory sealed\n"));
+  fprintf (file, _("\
+  -z nomemory-seal            Don't mark oject to be memory sealed (default)\n"));
 }
 
 static void
diff --git a/ld/testsuite/ld-elf/property-seal-1.d b/ld/testsuite/ld-elf/property-seal-1.d
new file mode 100644
index 00000000000..a0b1feedf31
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-1.d
@@ -0,0 +1,16 @@
+# Check if a GNU_PROPERTY_MEMORY_SEAL on a ET_REL is not replicated on
+# ET_DYN.
+#source: property-seal-1.s
+#as: --generate-missing-build-notes=no
+#ld: -shared
+#readelf: -n
+#xfail: ![check_shared_lib_support]
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#failif
+#...
+Displaying notes found in: .note.gnu.property
+#pass
diff --git a/ld/testsuite/ld-elf/property-seal-1.s b/ld/testsuite/ld-elf/property-seal-1.s
new file mode 100644
index 00000000000..aa28a3d0516
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-1.s
@@ -0,0 +1,11 @@
+	.section ".note.gnu.property", "a"
+	.p2align ALIGN
+	.long 1f - 0f		/* name length */
+	.long 3f - 2f		/* data length */
+	.long 5			/* note type */
+0:	.asciz "GNU"		/* vendor name */
+1:
+	.p2align ALIGN
+2:	.long 3			/* pr_type.  */
+	.long 0			/* pr_datasz.  */
+3:
diff --git a/ld/testsuite/ld-elf/property-seal-2.d b/ld/testsuite/ld-elf/property-seal-2.d
new file mode 100644
index 00000000000..ebdaa623e0c
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-2.d
@@ -0,0 +1,17 @@
+# Check if a GNU_PROPERTY_MEMORY_SEAL on a ET_REL is not replicated on
+# ET_DYN.
+#source: empty.s
+#source: property-seal-1.s
+#as: --generate-missing-build-notes=no
+#ld: -shared
+#readelf: -n
+#xfail: ![check_shared_lib_support]
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#failif
+#...
+Displaying notes found in: .note.gnu.property
+#pass
diff --git a/ld/testsuite/ld-elf/property-seal-3.d b/ld/testsuite/ld-elf/property-seal-3.d
new file mode 100644
index 00000000000..969729ee0f4
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-3.d
@@ -0,0 +1,16 @@
+# Check if a GNU_PROPERTY_MEMORY_SEAL on a ET_REL is not replicated on
+# ET_EXEC.
+#source: property-seal-1.s
+#as: --generate-missing-build-notes=no
+#ld: -e _start
+#warning: .*: warning: cannot find entry symbol .*
+#readelf: -n
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#failif
+#...
+Displaying notes found in: .note.gnu.property
+#pass
diff --git a/ld/testsuite/ld-elf/property-seal-4.d b/ld/testsuite/ld-elf/property-seal-4.d
new file mode 100644
index 00000000000..3dd990dd68a
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-4.d
@@ -0,0 +1,16 @@
+# Check if a GNU_PROPERTY_MEMORY_SEAL on a ET_REL is not replicated on
+# ET_EXEC.
+#source: empty.s
+#source: property-seal-1.s
+#as: --generate-missing-build-notes=no
+#ld: -e _start
+#readelf: -n
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#failif
+#...
+Displaying notes found in: .note.gnu.property
+#pass
diff --git a/ld/testsuite/ld-elf/property-seal-5.d b/ld/testsuite/ld-elf/property-seal-5.d
new file mode 100644
index 00000000000..0b92a8eb6eb
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-5.d
@@ -0,0 +1,15 @@
+#source: empty.s
+#ld: -shared -z memory-seal
+#readelf: -n
+#xfail: ![check_shared_lib_support]
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#...
+Displaying notes found in: .note.gnu.property
+[ 	]+Owner[ 	]+Data size[ 	]+Description
+  GNU                  0x[0-9a-f]+	NT_GNU_PROPERTY_TYPE_0
+      Properties: memory seal 
+#pass
diff --git a/ld/testsuite/ld-elf/property-seal-6.d b/ld/testsuite/ld-elf/property-seal-6.d
new file mode 100644
index 00000000000..725911acae7
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-6.d
@@ -0,0 +1,16 @@
+#source: empty.s
+#source: property-seal-1.s
+#ld: -shared -z memory-seal
+#readelf: -n
+#xfail: ![check_shared_lib_support]
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#...
+Displaying notes found in: .note.gnu.property
+[ 	]+Owner[ 	]+Data size[ 	]+Description
+  GNU                  0x[0-9a-f]+	NT_GNU_PROPERTY_TYPE_0
+      Properties: memory seal 
+#pass
diff --git a/ld/testsuite/ld-elf/property-seal-7.d b/ld/testsuite/ld-elf/property-seal-7.d
new file mode 100644
index 00000000000..12339e83ebd
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-7.d
@@ -0,0 +1,14 @@
+#source: empty.s
+#ld: -z memory-seal
+#readelf: -n
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#...
+Displaying notes found in: .note.gnu.property
+[ 	]+Owner[ 	]+Data size[ 	]+Description
+  GNU                  0x[0-9a-f]+	NT_GNU_PROPERTY_TYPE_0
+      Properties: memory seal 
+#pass
diff --git a/ld/testsuite/ld-elf/property-seal-8.d b/ld/testsuite/ld-elf/property-seal-8.d
new file mode 100644
index 00000000000..0c4c4e4907e
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-8.d
@@ -0,0 +1,15 @@
+#source: empty.s
+#source: property-seal-1.s
+#ld: -z memory-seal
+#readelf: -n
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#...
+Displaying notes found in: .note.gnu.property
+[ 	]+Owner[ 	]+Data size[ 	]+Description
+  GNU                  0x[0-9a-f]+	NT_GNU_PROPERTY_TYPE_0
+      Properties: memory seal 
+#pass