From patchwork Thu Jan  2 19:19:30 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
X-Patchwork-Id: 854749
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp7929574wrq;
 Thu, 2 Jan 2025 11:22:56 -0800 (PST)
X-Forwarded-Encrypted: i=3;
 AJvYcCXWncV6fJMFZ5DjzWLVtKjKZpS8gf0ARWgdIjjvQxC1aZe9h7wPfRLCXu7kTDu9nk7nGa9abQ==@linaro.org
X-Google-Smtp-Source: AGHT+IE9hQYf+lR8HxqnfRxJNyGgtsdZoT0aS1PkMP7AMxwSIBTMNJPVdRKsExF7+3cU2bAiv4uT
X-Received: by 2002:a05:620a:29cb:b0:7b7:342:a11e with SMTP id
 af79cd13be357-7b9ba834ec2mr6582465685a.57.1735845776342;
 Thu, 02 Jan 2025 11:22:56 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1735845776; cv=pass;
 d=google.com; s=arc-20240605;
 b=Ba2nLkMTifqLdW/HkzO2rclXZB7pGc5PwzN6N93H3wiVMulin0gOZ3wVos6K08KZnq
 Kjp/yf08fk5FaMTf6VhmCezgl4aK481Clf/X9t1xIyqfmqNqXUpyK6+Wi7QAXGSC5A+T
 D27XQ9WV/0E7ul20oavydg+Bnaab3mt8ofraf1lSYvsnZjAg2JejEdW3MMQwgwQYfSA4
 sy7rkRRb1FIuYzKNkphgG+EhsS98gtQXWBbJt73zt2hRTnZmvbJztYCmGi7iYI1RO1gt
 JLSQbQhhICTrhkl7uTwPdWu3PIRN3nieacvaszDUwMX5UHd34bYIBrprL6XOMidWHTOO
 xkfg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
 h=errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:cc:to
 :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter
 :delivered-to:dkim-filter;
 bh=0SLcS75QR7t/0rk/gN7/PqEePz2ynvksKumxuhCadAM=;
 fh=JruiOR+n5wiv4jZbtXJYp9lJ8UkedxUHyGOCC37Fjus=;
 b=fTSM6P1h4YIu8P3gS5vQvGPZSLlpiR9IeCVaeFD8TlFIjpKMwFcdjad7M+IofPZy14
 o2RmuRfUg4cO1K9l178Jqd+YvOhxo55ceoxkV7Kh272rriTK3VFI7hqU6Rr2gKz8UIYX
 2tBGUSrF604zmgIkjaz/xrrZ/U445j3pYCPRDUMSvXT3jUeUn8iemxk+5DwEoc+ANE53
 2YGkyHQrX7LDIRSmtF4CUmkXFHycvEsX+K87DNCXKxTN0MoKY1XZvsjkua2MnaYy4O44
 xmMnjkKc/91Kv2SLcGHlx4Loc9GDqvyFyFVTphGUYq7rhiG/CU8W56QLOnHcEJDbNYIr
 CEdQ==; dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=OLROzmHF;
 arc=pass (i=1); spf=pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="binutils-bounces~patch=linaro.org@sourceware.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <binutils-bounces~patch=linaro.org@sourceware.org>
Received: from server2.sourceware.org (server2.sourceware.org.
 [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id
 af79cd13be357-7b9ac2d0e03si3792433485a.187.2025.01.02.11.22.56
 for <patch@linaro.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 02 Jan 2025 11:22:56 -0800 (PST)
Received-SPF: pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 client-ip=2620:52:3:1:0:246e:9693:128c;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=OLROzmHF;
 arc=pass (i=1); spf=pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="binutils-bounces~patch=linaro.org@sourceware.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
 by sourceware.org (Postfix) with ESMTP id E66013858D33
 for <patch@linaro.org>; Thu,  2 Jan 2025 19:22:55 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E66013858D33
Authentication-Results: sourceware.org; dkim=pass (2048-bit key,
 unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256
 header.s=google header.b=OLROzmHF
X-Original-To: binutils@sourceware.org
Delivered-To: binutils@sourceware.org
Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com
 [IPv6:2607:f8b0:4864:20::102f])
 by sourceware.org (Postfix) with ESMTPS id CDF2C3858D35
 for <binutils@sourceware.org>; Thu,  2 Jan 2025 19:20:18 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org CDF2C3858D35
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org CDF2C3858D35
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=2607:f8b0:4864:20::102f
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735845619; cv=none;
 b=JmomD8UpELPYnx0TknW2OZGnCWYqpA+mONt4DBBraFY1L0COx82gnfCBL2gCscd5W607PIB7dVfHXXCAYCsa/kIJgxucj37Ql/rjA0hX/FhKMW62j9u7H9BD+N8L8hrQ9dlldCPXtLmh6cekwYLeaw2NgHKgXT4hFYNUOrgRv0I=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1735845619; c=relaxed/simple;
 bh=Ts3DoiJgzhSachI35gcBYc4jL2dKjsWHOSRt+CwKmsw=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=jhEzR39aNWks82p0Wrpf0yKJI5BzJeI3J6LTBAvSAGCyt71tb2r6s9XwUoOGYfjrNHbgIQYPbn2xFcJ0Ov+PnlhcsgbivK0pvLcjQF0CluCdf38DYCQB0VVz5LCVicHzfMNFSEK/Mlm0lwVZ6kdFAIwdxF7cr0cX/0ynxQG2DfI=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org CDF2C3858D35
Received: by mail-pj1-x102f.google.com with SMTP id
 98e67ed59e1d1-2ef87d24c2dso13083051a91.1
 for <binutils@sourceware.org>; Thu, 02 Jan 2025 11:20:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1735845617; x=1736450417; darn=sourceware.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=0SLcS75QR7t/0rk/gN7/PqEePz2ynvksKumxuhCadAM=;
 b=OLROzmHFG0a1Ymig0Dq1Oe7qsX2uIZw0q5As0T1rcTCEydxeOX4we2zWUTabZrDCkf
 qHpXT6X/Ck67kMrop/2PtsGAPO01iYGYl5wkpSkB6AiazOydTBHiUseFGyKze/RhtVuv
 ggjRGhBU1Wf2Cyu6D1vDEETa8qvsE4IJkeueoFnbDByIJwAE52aULuVCQvsNeqeMPVYG
 bpJXzlwmqcJA0rYykKQuJ8u5KhnwReoDDS63f+RspfhzIN84V6eFFrOVu+8czYHxKb1Y
 4s0Ro2sWhKFworqDLSlL49QysOtb0G7BeTAcVEkVdwMSQt8ixVKybGgVQig6NG+7YB9H
 ++vw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1735845617; x=1736450417;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=0SLcS75QR7t/0rk/gN7/PqEePz2ynvksKumxuhCadAM=;
 b=SpsdJJc2Zbf1crfd9z59YqjeDqPDZJoF/c+NgN5L/z84lU36T35VR37/d7oqmTeFsf
 +lvyA6//0H0VEM6V7FbL17sq+e7vI+ddNK9omHx7iz2hSIZh6ygGcdPABK003cAglvPT
 kVThB5tNyOe1tJEpVJOKjl8NSX/a+7QJ/ebsr/WsX6JhV2RBxtGK3ZH0Hd3A/jQ45J7c
 V26bZEloyomFlX4/OZSep0OnbYoD+/aNSpslMhhT7uHZpSKPJvY8+KjbG1UHBvJizyCM
 9Oq1pFd7ECwb/WXFiF83lCHktfw1MWah5DYCDV9zFV5yhRDSFGgly+2Vmf6XrSJz1+iW
 s5ng==
X-Gm-Message-State: AOJu0YyglJaTNREbK4xV+zKMQax263A2IwjD/vpM5SYI/G8azTm2rhHv
 QIXNKt6WnFUIgqGfjjdidaN2/IAD0qlmLaHGQAragZBknLZp1SU00Ulsg+GmQUtoK2wYPIth3Uq
 f
X-Gm-Gg: ASbGncvKp+sQe9EMb+1RNoORXXjjr1ZqszblYNH9wle6kcW0h5HObsJfJQbhkTCfpir
 r4Pcfhs/yWvmzDUX7uDeZftTgRzjd8WTsJ/Y+b1Rk6DGSli52DDeDwtX/jY7KqJg9UD7ntSDJfK
 uJ0nosX6oO1OWgNmjSmMZ1l5salmFtucGBwkr7fX8nfW5dYo7sBPKFgExQwph+B5Gw//tNdiW84
 2e52YO7rSSMLPvePGZBL0MIab/8/kt4QUtOG5VJMlwHPCF8Wy45mEUR5yslzM/RSSbxzPXVIMcb
 GVZ+YhCWAd8uotBeUr0OXE49uY+F
X-Received: by 2002:a05:6a00:8085:b0:725:ae5f:7f06 with SMTP id
 d2e1a72fcca58-72abe096383mr71393772b3a.23.1735845617224;
 Thu, 02 Jan 2025 11:20:17 -0800 (PST)
Received: from ubuntu-vm.. (201-92-186-201.dsl.telesp.net.br. [201.92.186.201])
 by smtp.gmail.com with ESMTPSA id
 41be03b00d2f7-842b85efb58sm22604630a12.34.2025.01.02.11.20.15
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 02 Jan 2025 11:20:16 -0800 (PST)
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: binutils@sourceware.org
Cc: Jeff Xu <jeffxu@google.com>,
	"H . J . Lu" <hjl.tools@gmail.com>
Subject: [PATCH v5 3/3] ld: Add --enable-memory-seal configure option
Date: Thu,  2 Jan 2025 16:19:30 -0300
Message-ID: <20250102192006.1318325-4-adhemerval.zanella@linaro.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20250102192006.1318325-1-adhemerval.zanella@linaro.org>
References: <20250102192006.1318325-1-adhemerval.zanella@linaro.org>
MIME-Version: 1.0
X-BeenThere: binutils@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Binutils mailing list <binutils.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils>,
 <mailto:binutils-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils/>
List-Post: <mailto:binutils@sourceware.org>
List-Help: <mailto:binutils-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils>,
 <mailto:binutils-request@sourceware.org?subject=subscribe>
Errors-To: binutils-bounces~patch=linaro.org@sourceware.org

Add --enable-memory-seal linker configure option to enable memory
sealing (GNU_PROPERTY_MEMORY_SEAL) by default.

Change-Id: I4ce4ff33657f0f09b1ceb06210b6fcaa501f1799
---
 binutils/testsuite/lib/binutils-common.exp | 22 +++++++++++++
 ld/NEWS                                    |  3 +-
 ld/config.in                               |  3 ++
 ld/configure                               | 38 ++++++++++++++++++----
 ld/configure.ac                            | 17 ++++++++++
 ld/emultempl/elf.em                        |  1 +
 ld/lexsup.c                                |  7 ++++
 ld/testsuite/config/default.exp            |  8 +++++
 ld/testsuite/ld-srec/srec.exp              |  4 +++
 ld/testsuite/lib/ld-lib.exp                |  6 ++++
 10 files changed, 101 insertions(+), 8 deletions(-)

diff --git a/binutils/testsuite/lib/binutils-common.exp b/binutils/testsuite/lib/binutils-common.exp
index daf12eb0fbb..72664d84bcc 100644
--- a/binutils/testsuite/lib/binutils-common.exp
+++ b/binutils/testsuite/lib/binutils-common.exp
@@ -408,6 +408,25 @@ proc check_relro_support { } {
     return $relro_available_saved
 }
 
+proc check_memory_seal_support { } {
+    global memory_seal_available_saved
+    global ld
+
+    if {![info exists memory_seal_available_saved]} {
+	remote_file host delete nomemory_seal
+	set ld_output [remote_exec host $ld "-z nomemory-seal"]
+	if { [string first "not supported" $ld_output] >= 0
+	     || [string first "unrecognized option" $ld_output] >= 0
+	     || [string first "-z nomemory-seal ignored" $ld_output] >= 0
+	     || [string first "cannot find nomemory-seal" $ld_output] >= 0 } {
+	    set memory_seal_available_saved 0
+	} else {
+	    set memory_seal_available_saved 1
+	}
+    }
+    return $memory_seal_available_saved
+}
+
 # Check for support of the .noinit section, used for data that is not
 # initialized at load, or during the application's initialization sequence.
 proc supports_noinit_section {} {
@@ -1401,6 +1420,9 @@ proc run_dump_test { name {extra_options {}} } {
 	    if [check_relro_support] {
 		set ld_extra_opt "-z norelro"
 	    }
+	    if [check_memory_seal_support] {
+		append ld_extra_opt " -z nomemory-seal"
+	    }
 
 	    # Add -L$srcdir/$subdir so that the linker command can use
 	    # linker scripts in the source directory.
diff --git a/ld/NEWS b/ld/NEWS
index 5d5fec4aed3..4aa5408d88f 100644
--- a/ld/NEWS
+++ b/ld/NEWS
@@ -34,7 +34,8 @@ Changes in 2.43:
 * Add -plugin-save-temps to store plugin intermediate files permanently.
 
 * Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the
-  object to memory sealed.
+  object to memory sealed.   Also added --enable-memory-seal configure option
+  to enable the memory sealing by default.
 
 Changes in 2.42:
 
diff --git a/ld/config.in b/ld/config.in
index 633105a43ad..ed838463856 100644
--- a/ld/config.in
+++ b/ld/config.in
@@ -60,6 +60,9 @@
    default. */
 #undef DEFAULT_LD_Z_SEPARATE_CODE
 
+/* Define to 1 if you want to enable -z memory-seal in ELF linker by default.  */
+#undef DEFAULT_LD_Z_MEMORY_SEAL
+
 /* Define to 1 if you want to set DT_RUNPATH instead of DT_RPATH by default.
    */
 #undef DEFAULT_NEW_DTAGS
diff --git a/ld/configure b/ld/configure
index 0b4197d1c4f..f34141bb238 100755
--- a/ld/configure
+++ b/ld/configure
@@ -854,6 +854,7 @@ enable_textrel_check
 enable_separate_code
 enable_rosegment
 enable_mark_plt
+enable_memory_seal
 enable_warn_execstack
 enable_error_execstack
 enable_warn_rwx_segments
@@ -1551,6 +1552,7 @@ Optional Features:
   --enable-separate-code  enable -z separate-code in ELF linker by default
   --enable-rosegment      enable --rosegment in the ELF linker by default
   --enable-mark-plt       enable -z mark-plt in ELF x86-64 linker by default
+  --enable-memory-seal    enable -z memory-seal in ELF linker by default
   --enable-warn-execstack enable warnings when creating an executable stack
   --enable-error-execstack
                           turn executable stack warnings into errors
@@ -11686,7 +11688,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 11689 "configure"
+#line 11691 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -11792,7 +11794,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 11795 "configure"
+#line 11797 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -15251,7 +15253,7 @@ else
     We can't simply define LARGE_OFF_T to be 9223372036854775807,
     since some C++ compilers masquerading as C compilers
     incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
   int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
 		       && LARGE_OFF_T % 2147483647 == 1)
 		      ? 1 : -1];
@@ -15297,7 +15299,7 @@ else
     We can't simply define LARGE_OFF_T to be 9223372036854775807,
     since some C++ compilers masquerading as C compilers
     incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
   int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
 		       && LARGE_OFF_T % 2147483647 == 1)
 		      ? 1 : -1];
@@ -15321,7 +15323,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
     We can't simply define LARGE_OFF_T to be 9223372036854775807,
     since some C++ compilers masquerading as C compilers
     incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
   int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
 		       && LARGE_OFF_T % 2147483647 == 1)
 		      ? 1 : -1];
@@ -15366,7 +15368,7 @@ else
     We can't simply define LARGE_OFF_T to be 9223372036854775807,
     since some C++ compilers masquerading as C compilers
     incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
   int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
 		       && LARGE_OFF_T % 2147483647 == 1)
 		      ? 1 : -1];
@@ -15390,7 +15392,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
     We can't simply define LARGE_OFF_T to be 9223372036854775807,
     since some C++ compilers masquerading as C compilers
     incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
   int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
 		       && LARGE_OFF_T % 2147483647 == 1)
 		      ? 1 : -1];
@@ -15709,6 +15711,17 @@ esac
 fi
 
 
+# Decide if -z memory-seal should be enabled in ELF linker by default.
+ac_default_ld_z_memory_seal=unset
+# Check whether --enable-memory-seal was given.
+if test "${enable_memory_seal+set}" = set; then :
+  enableval=$enable_memory_seal; case "${enableval}" in
+  yes) ac_default_ld_z_memory_seal=1 ;;
+  no) ac_default_ld_z_memory_seal=0 ;;
+esac
+fi
+
+
 
 # By default warn when an executable stack is created due to object files
 # requesting such, not when the user specifies -z execstack.
@@ -18965,6 +18978,8 @@ main ()
     if (*(data + i) != *(data3 + i))
       return 14;
   close (fd);
+  free (data);
+  free (data3);
   return 0;
 }
 _ACEOF
@@ -19444,6 +19459,15 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 
 
+if test "${ac_default_ld_z_memory_seal}" = unset; then
+  ac_default_ld_z_memory_seal=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define DEFAULT_LD_Z_MEMORY_SEAL $ac_default_ld_z_memory_seal
+_ACEOF
+
+
 
 
 cat >>confdefs.h <<_ACEOF
diff --git a/ld/configure.ac b/ld/configure.ac
index 004fa31d877..228f2ee4089 100644
--- a/ld/configure.ac
+++ b/ld/configure.ac
@@ -232,6 +232,16 @@ AC_ARG_ENABLE(mark-plt,
   no) ac_default_ld_z_mark_plt=0 ;;
 esac])
 
+# Decide if -z memory-seal should be enabled in ELF linker by default.
+ac_default_ld_z_memory_seal=unset
+AC_ARG_ENABLE(memory-seal,
+	      AS_HELP_STRING([--enable-memory-seal],
+	      [enable -z memory-seal in ELF linker by default]),
+[case "${enableval}" in
+  yes) ac_default_ld_z_memory_seal=1 ;;
+  no) ac_default_ld_z_memory_seal=0 ;;
+esac])
+
 
 # By default warn when an executable stack is created due to object files
 # requesting such, not when the user specifies -z execstack.
@@ -617,6 +627,13 @@ AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_MARK_PLT,
   $ac_default_ld_z_mark_plt,
   [Define to 1 if you want to enable -z mark-plt in ELF x86-64 linker by default.])
 
+if test "${ac_default_ld_z_memory_seal}" = unset; then
+  ac_default_ld_z_memory_seal=0
+fi
+AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_MEMORY_SEAL,
+  $ac_default_ld_z_memory_seal,
+  [Define to 1 if you want to enable -z memory_seal in ELF linker by default.])
+
 
 AC_DEFINE_UNQUOTED(DEFAULT_LD_WARN_EXECSTACK,
   $ac_default_ld_warn_execstack,
diff --git a/ld/emultempl/elf.em b/ld/emultempl/elf.em
index 9a14eae749e..d8fb034697b 100644
--- a/ld/emultempl/elf.em
+++ b/ld/emultempl/elf.em
@@ -99,6 +99,7 @@ fragment <<EOF
   link_info.default_execstack = DEFAULT_LD_EXECSTACK;
   link_info.error_execstack = DEFAULT_LD_ERROR_EXECSTACK;
   link_info.warn_is_error_for_rwx_segments = DEFAULT_LD_ERROR_RWX_SEGMENTS;
+  link_info.memory_seal = DEFAULT_LD_Z_MEMORY_SEAL;
 }
 
 EOF
diff --git a/ld/lexsup.c b/ld/lexsup.c
index 9cf1a9a033b..5399aa45b72 100644
--- a/ld/lexsup.c
+++ b/ld/lexsup.c
@@ -2265,10 +2265,17 @@ elf_shlib_list_options (FILE *file)
       fprintf (file, _("\
   -z textoff                  Don't treat DT_TEXTREL in output as error\n"));
     }
+#if DEFAULT_LD_Z_MEMORY_SEAL
+  fprintf (file, _("\
+  -z memory-seal              Mark object be memory sealed (default)\n"));
+  fprintf (file, _("\
+  -z nomemory-seal            Don't mark oject to be memory sealed\n"));
+#else
   fprintf (file, _("\
   -z memory-seal              Mark object be memory sealed\n"));
   fprintf (file, _("\
   -z nomemory-seal            Don't mark oject to be memory sealed (default)\n"));
+#endif
 }
 
 static void
diff --git a/ld/testsuite/config/default.exp b/ld/testsuite/config/default.exp
index 95ff4f19e7a..f93fb30ab07 100644
--- a/ld/testsuite/config/default.exp
+++ b/ld/testsuite/config/default.exp
@@ -382,6 +382,14 @@ if { ![info exists NO_DT_RELR_CC_LDFLAGS] } then {
     }
 }
 
+if { ![info exists NO_MEMORY_SEAL_LDFLAGS] } then {
+    if { [check_memory_seal_support] } then {
+	set NO_MEMORY_SEAL_LDFLAGS "-z nomemory-seal"
+    } else {
+	set NO_MEMORY_SEAL_LDFLAGS {}
+    }
+}
+
 # Set LD_CLASS to "64bit" for a 64-bit *host* linker.
 if { ![info exists LD_CLASS] } then {
     set REAL_LD [findfile $base_dir/.libs/ld-new .libs/ld-new $LD [transform ld]]
diff --git a/ld/testsuite/ld-srec/srec.exp b/ld/testsuite/ld-srec/srec.exp
index 49ca7454d86..bec59130425 100644
--- a/ld/testsuite/ld-srec/srec.exp
+++ b/ld/testsuite/ld-srec/srec.exp
@@ -226,12 +226,15 @@ proc run_srec_test { test objs } {
     global objcopy
     global sizeof_headers
     global host_triplet
+    global extra_flags
 
     # Tell the ELF linker to not do anything clever with .eh_frame,
     # not to put anything in small data, and define various symbols.
     set flags "--traditional-format -G 0 -e 0 "
     append flags [ld_link_defsyms]
 
+    append flags " $extra_flags"
+
     # If the linker script uses SIZEOF_HEADERS, use a -Ttext argument
     # to force both the normal link and the S-record link to be put in
     # the same place.  We don't always use -Ttext because it interacts
@@ -345,6 +348,7 @@ set test2 "S-records with constructors"
 # See whether the default linker script uses SIZEOF_HEADERS.
 set exec_output [run_host_cmd "$ld" "--verbose"]
 set sizeof_headers [string match "*SIZEOF_HEADERS*" $exec_output]
+set extra_flags " $NO_MEMORY_SEAL_LDFLAGS"
 
 # First test linking a C program.  We don't require any libraries.  We
 # link it normally, and objcopy to the S-record format, and then link
diff --git a/ld/testsuite/lib/ld-lib.exp b/ld/testsuite/lib/ld-lib.exp
index 6182d3e066a..c4653d4946b 100644
--- a/ld/testsuite/lib/ld-lib.exp
+++ b/ld/testsuite/lib/ld-lib.exp
@@ -460,6 +460,9 @@ proc run_ld_link_tests { ldtests args } {
     if [check_relro_support] {
 	append ld_extra_opt " -z norelro"
     }
+    if [check_memory_seal_support] {
+	append ld_extra_opt " -z nomemory-seal"
+    }
 
     foreach testitem $ldtests {
 	set testname [lindex $testitem 0]
@@ -977,6 +980,9 @@ proc run_cc_link_tests { ldtests } {
 		set failed 1
 	    }
 	} else {
+	    if [check_memory_seal_support] {
+		append ldflags " -z nomemory-seal"
+	    }
 	    if { [string match "" $STATIC_LDFLAGS] \
 		 && [regexp -- ".* \[-\]+static .*" " $board_cflags $board_ldflags $ldflags $objfiles "] } {
 		untested $testname