From patchwork Thu Jan 2 19:19:28 2025
X-Patchwork-Submitter: Adhemerval Zanella Netto
X-Patchwork-Id: 854747
From: Adhemerval Zanella
To: binutils@sourceware.org
Cc: Jeff Xu, "H . J . Lu"
Subject: [PATCH v5 1/3] elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property
Date: Thu, 2 Jan 2025 16:19:28 -0300
Message-ID: <20250102192006.1318325-2-adhemerval.zanella@linaro.org>
In-Reply-To: <20250102192006.1318325-1-adhemerval.zanella@linaro.org>
References: <20250102192006.1318325-1-adhemerval.zanella@linaro.org>

The GNU_PROPERTY_MEMORY_SEAL gnu property is a way to mark binaries to be memory sealed by the loader, to avoid further changes of PT_LOAD segments (such as unmapping or changing permission flags). This is done along with Linux kernel (the mseal syscall [1]), and C runtime support to instruct the kernel at the correct time during program startup (for instance, after RELRO handling). This support is added along with the glibc support to handle the new gnu property [2].

This is an opt-in security feature, like other security hardening ones such as NX-stack or RELRO.

The new property is ignored if present on ET_REL objects, and only added on ET_EXEC/ET_DYN if the linker option is used. A gnu property is used instead of a DT_FLAGS_1 flag to allow memory sealing to work with ET_EXEC without PT_DYNAMIC support (at least on glibc some ports still do not support static-pie).

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8be7258aad44b5e25977a98db136f677fa6f4370 [2] https://sourceware.org/pipermail/libc-alpha/2024-September/160291.html Change-Id: Id47fadabecd24be0e83cff45653f7ce9a900ecf4 --- bfd/elf-properties.c | 85 +++++++++++++++++++++------ bfd/elfxx-x86.c | 3 +- binutils/readelf.c | 6 ++ include/bfdlink.h | 3 + include/elf/common.h | 1 + ld/NEWS | 3 + ld/emultempl/elf.em | 4 ++ ld/ld.texi | 8 +++ ld/lexsup.c | 4 ++ ld/testsuite/ld-elf/property-seal-1.d | 16 +++++ ld/testsuite/ld-elf/property-seal-1.s | 11 ++++ ld/testsuite/ld-elf/property-seal-2.d | 17 ++++++ ld/testsuite/ld-elf/property-seal-3.d | 16 +++++ ld/testsuite/ld-elf/property-seal-4.d | 16 +++++ ld/testsuite/ld-elf/property-seal-5.d | 15 +++++ ld/testsuite/ld-elf/property-seal-6.d | 16 +++++ ld/testsuite/ld-elf/property-seal-7.d | 14 +++++ ld/testsuite/ld-elf/property-seal-8.d | 15 +++++ 18 files changed, 235 insertions(+), 18 deletions(-) create mode 100644 ld/testsuite/ld-elf/property-seal-1.d create mode 100644 ld/testsuite/ld-elf/property-seal-1.s create mode 100644 ld/testsuite/ld-elf/property-seal-2.d create mode 100644 ld/testsuite/ld-elf/property-seal-3.d create mode 100644 ld/testsuite/ld-elf/property-seal-4.d create mode 100644 ld/testsuite/ld-elf/property-seal-5.d create mode 100644 ld/testsuite/ld-elf/property-seal-6.d create mode 100644 ld/testsuite/ld-elf/property-seal-7.d create mode 100644 ld/testsuite/ld-elf/property-seal-8.d diff --git a/bfd/elf-properties.c b/bfd/elf-properties.c index 61f01bf5380..23634a9d9c9 100644 --- a/bfd/elf-properties.c +++ b/bfd/elf-properties.c 
@@ -177,6 +177,20 @@ _bfd_elf_parse_gnu_properties (bfd *abfd, Elf_Internal_Note *note) prop->pr_kind = property_number; goto next; + case GNU_PROPERTY_MEMORY_SEAL: + if (datasz != 0) + { + _bfd_error_handler + (_("warning: %pB: corrupt memory sealing size: 0x%x"), + abfd, datasz); + /* Clear all properties. */ + elf_properties (abfd) = NULL; + return false; + } + prop = _bfd_elf_get_property (abfd, type, datasz); + prop->pr_kind = property_number; + goto next; + default: if ((type >= GNU_PROPERTY_UINT32_AND_LO && type <= GNU_PROPERTY_UINT32_AND_HI) @@ -254,6 +268,7 @@ elf_merge_gnu_properties (struct bfd_link_info *info, bfd *abfd, bfd *bbfd, /* FALLTHROUGH */ case GNU_PROPERTY_NO_COPY_ON_PROTECTED: + case GNU_PROPERTY_MEMORY_SEAL: /* Return TRUE if APROP is NULL to indicate that BPROP should be added to ABFD. */ return aprop == NULL; @@ -607,6 +622,33 @@ elf_write_gnu_properties (struct bfd_link_info *info, } } +static asection * +_bfd_elf_link_create_gnu_property_sec (struct bfd_link_info *info, bfd *elf_bfd, + unsigned int elfclass) +{ + asection *sec; + + sec = bfd_make_section_with_flags (elf_bfd, + NOTE_GNU_PROPERTY_SECTION_NAME, + (SEC_ALLOC + | SEC_LOAD + | SEC_IN_MEMORY + | SEC_READONLY + | SEC_HAS_CONTENTS + | SEC_DATA)); + if (sec == NULL) + info->callbacks->einfo (_("%F%P: failed to create GNU property section\n")); + + if (!bfd_set_section_alignment (sec, + elfclass == ELFCLASS64 ? 3 : 2)) + info->callbacks->einfo (_("%F%pA: failed to align section\n"), + sec); + + elf_section_type (sec) = SHT_NOTE; + return sec; +} + + /* Set up GNU properties. Return the first relocatable ELF input with GNU properties if found. Otherwise, return NULL. */ 
@@ -656,23 +698,7 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info) /* Support -z indirect-extern-access. */ if (first_pbfd == NULL) { - sec = bfd_make_section_with_flags (elf_bfd, - NOTE_GNU_PROPERTY_SECTION_NAME, - (SEC_ALLOC - | SEC_LOAD - | SEC_IN_MEMORY - | SEC_READONLY - | SEC_HAS_CONTENTS - | SEC_DATA)); - if (sec == NULL) - info->callbacks->einfo (_("%F%P: failed to create GNU property section\n")); - - if (!bfd_set_section_alignment (sec, - elfclass == ELFCLASS64 ? 3 : 2)) - info->callbacks->einfo (_("%F%pA: failed to align section\n"), - sec); - - elf_section_type (sec) = SHT_NOTE; + sec = _bfd_elf_link_create_gnu_property_sec (info, elf_bfd, elfclass); first_pbfd = elf_bfd; has_properties = true; } @@ -690,6 +716,31 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info) |= GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS; } + if (elf_bfd != NULL) + { + if (info->memory_seal) + { + /* Support -z no-memory-seal. */ + if (first_pbfd == NULL) + { + sec = _bfd_elf_link_create_gnu_property_sec (info, elf_bfd, elfclass); + first_pbfd = elf_bfd; + has_properties = true; + } + + p = _bfd_elf_get_property (first_pbfd, GNU_PROPERTY_MEMORY_SEAL, 0); + if (p->pr_kind == property_unknown) + { + /* Create GNU_PROPERTY_NO_MEMORY_SEAL. */ + p->u.number = GNU_PROPERTY_MEMORY_SEAL; + p->pr_kind = property_number; + } + } + else + elf_find_and_remove_property (&elf_properties (elf_bfd), + GNU_PROPERTY_MEMORY_SEAL, true); + } + /* Do nothing if there is no .note.gnu.property section. */ if (!has_properties) return NULL; diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c index 60e81f518a7..7c164e9c131 100644 --- a/bfd/elfxx-x86.c +++ b/bfd/elfxx-x86.c 
@@ -4892,7 +4892,8 @@ _bfd_x86_elf_link_fixup_gnu_properties for (p = *listp; p; p = p->next) { unsigned int type = p->property.pr_type; - if (type == GNU_PROPERTY_X86_COMPAT_ISA_1_USED + if (type == GNU_PROPERTY_MEMORY_SEAL + || type == GNU_PROPERTY_X86_COMPAT_ISA_1_USED || type == GNU_PROPERTY_X86_COMPAT_ISA_1_NEEDED || (type >= GNU_PROPERTY_X86_UINT32_AND_LO && type <= GNU_PROPERTY_X86_UINT32_AND_HI) diff --git a/binutils/readelf.c b/binutils/readelf.c index 4f8f879cf91..0f29b65fe30 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -21476,6 +21476,12 @@ print_gnu_property_note (Filedata * filedata, Elf_Internal_Note * pnote) printf (_(" "), datasz); goto next; + case GNU_PROPERTY_MEMORY_SEAL: + printf ("memory seal "); + if (datasz) + printf (_(" "), datasz); + goto next; + default: if ((type >= GNU_PROPERTY_UINT32_AND_LO && type <= GNU_PROPERTY_UINT32_AND_HI) diff --git a/include/bfdlink.h b/include/bfdlink.h index 85e7da84406..ae451075996 100644 --- a/include/bfdlink.h +++ b/include/bfdlink.h @@ -429,6 +429,9 @@ struct bfd_link_info /* TRUE if only one read-only, non-code segment should be created. */ unsigned int one_rosegment: 1; + /* TRUE if GNU_PROPERTY_MEMORY_SEAL should be generated. */ + unsigned int memory_seal: 1; + /* Nonzero if .eh_frame_hdr section and PT_GNU_EH_FRAME ELF segment should be created. 1 for DWARF2 tables, 2 for compact tables. */ unsigned int eh_frame_hdr_type: 2; diff --git a/include/elf/common.h b/include/elf/common.h index 6077db7a8b7..2e2c486bf8d 100644 --- a/include/elf/common.h +++ b/include/elf/common.h @@ -890,6 +890,7 @@ /* Values used in GNU .note.gnu.property notes (NT_GNU_PROPERTY_TYPE_0). */ #define GNU_PROPERTY_STACK_SIZE 1 #define GNU_PROPERTY_NO_COPY_ON_PROTECTED 2 +#define GNU_PROPERTY_MEMORY_SEAL 3 /* A 4-byte unsigned integer property: A bit is set if it is set in all relocatable inputs. */ diff --git a/ld/NEWS b/ld/NEWS index 4a19f5a7d5d..5d5fec4aed3 100644 --- a/ld/NEWS +++ b/ld/NEWS 
@@ -33,6 +33,9 @@ Changes in 2.43: * Add -plugin-save-temps to store plugin intermediate files permanently. +* Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the + object to memory sealed. + Changes in 2.42: * Add -z mark-plt/-z nomark-plt options to x86-64 ELF linker to mark PLT diff --git a/ld/emultempl/elf.em b/ld/emultempl/elf.em index 4d431995d2e..9a14eae749e 100644 --- a/ld/emultempl/elf.em +++ b/ld/emultempl/elf.em 
@@ -1083,6 +1083,10 @@ fragment <
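Review bot: the new helper `_bfd_elf_link_create_gnu_property_sec` in bfd/elf-properties.c has no leading comment, and when `sec == NULL` the code goes on to call `bfd_set_section_alignment (sec, ...)` unless the `%F` einfo call never returns. Please add a comment saying what the helper creates and that the error path is fatal, so callers know they need not check the result. The hunk also leaves two blank lines after the function where one is enough.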
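Review bot: the comments in the new `if (info->memory_seal)` block of `_bfd_elf_link_setup_gnu_properties` (bfd/elf-properties.c) contradict the code. `/* Support -z no-memory-seal. */` sits on the path taken when sealing is requested, and `/* Create GNU_PROPERTY_NO_MEMORY_SEAL. */` names a property this patch does not define; they should read "-z memory-seal" and "GNU_PROPERTY_MEMORY_SEAL". Separately, `p->u.number = GNU_PROPERTY_MEMORY_SEAL;` stores the property type as the value of a property created with datasz 0, while the parser hunk only sets `pr_kind`; either drop the assignment or explain why the number is needed.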
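Review bot: in `_bfd_x86_elf_link_fixup_gnu_properties` (bfd/elfxx-x86.c) the target-independent GNU_PROPERTY_MEMORY_SEAL is added to a condition that otherwise lists only GNU_PROPERTY_X86_* types, without a comment. Please add a line explaining why the generic property has to be handled in the x86 fixup, and confirm whether other backends that fix up properties need the same check.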
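Review bot: the ld/NEWS entry is inserted at the end of the "Changes in 2.43:" block, directly above "Changes in 2.42:"; it should sit under the heading for the release that will first carry the option. The wording "to mark the object to memory sealed" is missing a word ("to be memory sealed"), and the negative option is spelled `-z nomemory-seal` here but `-z no-memory-seal` in the comment added to bfd/elf-properties.c. Pick the spelling the option parser accepts and use it in both places.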
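The note layout this message relies on, as an added example (not code from the patch or from binutils): a bounds-checked scan of one `.note.gnu.property` note for GNU_PROPERTY_MEMORY_SEAL which, like the parser hunk in bfd/elf-properties.c, treats a non-zero data size as corrupt. The function name `check_memory_seal`, the little-endian assumption and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NT_GNU_PROPERTY_TYPE_0   5
#define GNU_PROPERTY_MEMORY_SEAL 3   /* value the patch adds to include/elf/common.h */

enum seal_status { SEAL_MALFORMED = -1, SEAL_ABSENT = 0, SEAL_PRESENT = 1 };

/* Read a little-endian 32-bit word (assumption: little-endian ELF). */
static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Scan one NT_GNU_PROPERTY_TYPE_0 note (hypothetical helper, not a
   binutils API).  ELF64 pads each property to 8 bytes, ELF32 to 4.  */
enum seal_status check_memory_seal(const uint8_t *note, size_t len, int elf64)
{
    const size_t align = elf64 ? 8 : 4;
    size_t off, end;
    enum seal_status status = SEAL_ABSENT;

    /* Note header: namesz, descsz, type, then the 4-byte name "GNU\0". */
    if (len < 16)
        return SEAL_MALFORMED;
    if (rd32le(note) != 4 || rd32le(note + 8) != NT_GNU_PROPERTY_TYPE_0
        || memcmp(note + 12, "GNU", 4) != 0)
        return SEAL_MALFORMED;

    off = 16;
    if (rd32le(note + 4) > len - off)
        return SEAL_MALFORMED;            /* descsz runs past the buffer */
    end = off + rd32le(note + 4);

    while (off < end) {
        uint32_t pr_type, pr_datasz;
        size_t step;

        if (end - off < 8)
            return SEAL_MALFORMED;        /* truncated property header */
        pr_type = rd32le(note + off);
        pr_datasz = rd32le(note + off + 4);
        off += 8;
        if (pr_datasz > end - off)
            return SEAL_MALFORMED;        /* data runs past the descriptor */

        if (pr_type == GNU_PROPERTY_MEMORY_SEAL) {
            if (pr_datasz != 0)
                return SEAL_MALFORMED;    /* same rule as the bfd parser hunk */
            status = SEAL_PRESENT;
        }

        /* Skip the data, rounded up to the class alignment. */
        step = ((size_t)pr_datasz + align - 1) & ~(align - 1);
        if (step > end - off)
            step = end - off;             /* final property without padding */
        off += step;
    }
    return status;
}

/* Constructed sample notes (ELF64, little-endian), not taken from a real binary. */
static const uint8_t sealed_note[] = {
    4,0,0,0, 8,0,0,0, 5,0,0,0, 'G','N','U',0,
    3,0,0,0, 0,0,0,0                          /* MEMORY_SEAL, datasz 0 */
};
static const uint8_t mixed_note[] = {
    4,0,0,0, 24,0,0,0, 5,0,0,0, 'G','N','U',0,
    3,0,0,0, 0,0,0,0,                         /* MEMORY_SEAL, datasz 0 */
    0,0,0,0xc0, 4,0,0,0, 1,0,0,0, 0,0,0,0     /* type 0xc0000000, 4 bytes + pad */
};
static const uint8_t unsealed_note[] = {
    4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,
    0,0,0,0xc0, 4,0,0,0, 1,0,0,0, 0,0,0,0
};
static const uint8_t corrupt_note[] = {
    4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,
    3,0,0,0, 4,0,0,0, 1,0,0,0, 0,0,0,0        /* MEMORY_SEAL with datasz 4 */
};

int main(void)
{
    printf("sealed:   %d\n", check_memory_seal(sealed_note, sizeof sealed_note, 1));
    printf("mixed:    %d\n", check_memory_seal(mixed_note, sizeof mixed_note, 1));
    printf("unsealed: %d\n", check_memory_seal(unsealed_note, sizeof unsealed_note, 1));
    printf("corrupt:  %d\n", check_memory_seal(corrupt_note, sizeof corrupt_note, 1));
    return 0;
}
```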
From: Adhemerval Zanella
To: binutils@sourceware.org
Cc: Jeff Xu, "H . J . Lu"
Subject: [PATCH v5 2/3] gold: Add GNU_PROPERTY_MEMORY_SEAL gnu property
Date: Thu, 2 Jan 2025 16:19:29 -0300
Message-ID: <20250102192006.1318325-3-adhemerval.zanella@linaro.org>
In-Reply-To: <20250102192006.1318325-1-adhemerval.zanella@linaro.org>
References: <20250102192006.1318325-1-adhemerval.zanella@linaro.org>

Similar to the ld.bfd, with the -z,memory-seal and -z,no-memory-seal which adds the .gnu.attribute GNU_PROPERTY_MEMORY_SEAL.

Change-Id: I31e194479912d3f468d5e5132a6eb566ed9aca78 --- elfcpp/elfcpp.h | 1 + gold/NEWS | 3 ++ gold/layout.cc | 4 +++ gold/options.h | 3 ++ gold/testsuite/Makefile.am | 19 ++++++++++++ gold/testsuite/Makefile.in | 26 +++++++++++++++-- gold/testsuite/memory_seal_main.c | 5 ++++ gold/testsuite/memory_seal_shared.c | 7 +++++ gold/testsuite/memory_seal_test.sh | 45 +++++++++++++++++++++++++++++ 9 files changed, 110 insertions(+), 3 deletions(-) create mode 100644 gold/testsuite/memory_seal_main.c create mode 100644 gold/testsuite/memory_seal_shared.c create mode 100755 gold/testsuite/memory_seal_test.sh diff --git a/elfcpp/elfcpp.h b/elfcpp/elfcpp.h index 3ceddbda19c..1b7a1f7f8ac 100644 --- a/elfcpp/elfcpp.h +++ b/elfcpp/elfcpp.h @@ -1023,6 +1023,7 @@ enum { GNU_PROPERTY_STACK_SIZE = 1, GNU_PROPERTY_NO_COPY_ON_PROTECTED = 2, + GNU_PROPERTY_MEMORY_SEAL = 3, GNU_PROPERTY_LOPROC = 0xc0000000, GNU_PROPERTY_X86_COMPAT_ISA_1_USED = 0xc0000000, GNU_PROPERTY_X86_COMPAT_ISA_1_NEEDED = 0xc0000001, diff --git a/gold/NEWS b/gold/NEWS index c0f4842e617..7fca7603476 100644 --- a/gold/NEWS +++ b/gold/NEWS
@@ -5,6 +5,9 @@ * Remove support for -z bndplt (MPX prefix instructions). +* Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the + object to memory sealed. + Changes in 1.16: * Improve warning messages for relocations that refer to discarded sections. diff --git a/gold/layout.cc b/gold/layout.cc index f690c67618e..8adace07676 100644 --- a/gold/layout.cc +++ b/gold/layout.cc @@ -3277,6 +3277,10 @@ Layout::create_gnu_properties_note() { parameters->target().finalize_gnu_properties(this); + if (parameters->options().memory_seal()) + this->add_gnu_property(elfcpp::NT_GNU_PROPERTY_TYPE_0, + elfcpp::GNU_PROPERTY_MEMORY_SEAL, 0, 0); + if (this->gnu_properties_.empty()) return; diff --git a/gold/options.h b/gold/options.h index 4eb3678e9ec..441ba98acd7 100644 --- a/gold/options.h +++ b/gold/options.h @@ -1546,6 +1546,9 @@ class General_options N_("Keep .text.hot, .text.startup, .text.exit and .text.unlikely " "as separate sections in the final binary."), N_("Merge all .text.* prefix sections.")); + DEFINE_bool(memory_seal, options::DASH_Z, '\0', false, + N_("Mark object be memory sealed"), + N_("Don't mark oject to be memory sealed")); public: diff --git a/gold/testsuite/Makefile.am b/gold/testsuite/Makefile.am index 8f158ba20cc..f6eddea65fd 100644 --- a/gold/testsuite/Makefile.am +++ b/gold/testsuite/Makefile.am 
@@ -4476,3 +4476,22 @@ package_metadata_test.o: package_metadata_main.c package_metadata_test$(EXEEXT): package_metadata_test.o gcctestdir/ld $(CXXLINK) package_metadata_test.o -Wl,--package-metadata='{"foo":"bar"}' $(TEST_READELF) --notes $@ | grep -q '{"foo":"bar"}' + +check_SCRIPTS += memory_seal_test.sh +check_DATA += memory_seal_test_1.stdout memory_seal_test_2.stdout +MOSTLYCLEANFILES += memory_seal_test +memory_seal_test_1.stdout: memory_seal_main + $(TEST_READELF) -n $< >$@ +memory_seal_test_2.stdout: memory_seal_shared.so + $(TEST_READELF) -n $< >$@ +memory_seal_main: gcctestdir/ld memory_seal_main.o + gcctestdir/ld -z memory-seal -o $@ memory_seal_main.o +memory_seal_main.o: memory_seal_main.c + $(COMPILE) -c -o $@ $< +memory_seal_shared.so: gcctestdir/ld memory_seal_shared.o + gcctestdir/ld -z memory-seal -shared -o $@ memory_seal_shared.o +memory_seal_shared.o: memory_seal_shared.c + $(COMPILE) -c -fPIC -o $@ $< + + + diff --git a/gold/testsuite/Makefile.in b/gold/testsuite/Makefile.in index 357dec0d4f9..e95e8ed5d08 100644 --- a/gold/testsuite/Makefile.in +++ b/gold/testsuite/Makefile.in @@ -2888,7 +2888,7 @@ MOSTLYCLEANFILES = *.so *.syms *.stdout *.stderr $(am__append_4) \ $(am__append_88) $(am__append_91) $(am__append_93) \ $(am__append_102) $(am__append_105) $(am__append_108) \ $(am__append_111) $(am__append_114) $(am__append_117) \ - $(am__append_120) $(am__append_121) + $(am__append_120) $(am__append_121) memory_seal_test # We will add to these later, for each individual test. Note # that we add each test under check_SCRIPTS or check_PROGRAMS; 
@@ -2901,7 +2901,7 @@ check_SCRIPTS = $(am__append_2) $(am__append_21) $(am__append_25) \ $(am__append_89) $(am__append_96) $(am__append_100) \ $(am__append_103) $(am__append_106) $(am__append_109) \ $(am__append_112) $(am__append_115) $(am__append_118) \ - $(am__append_122) + $(am__append_122) memory_seal_test.sh check_DATA = $(am__append_3) $(am__append_22) $(am__append_26) \ $(am__append_32) $(am__append_38) $(am__append_45) \ $(am__append_50) $(am__append_54) $(am__append_58) \ @@ -2910,7 +2910,8 @@ check_DATA = $(am__append_3) $(am__append_22) $(am__append_26) \ $(am__append_90) $(am__append_97) $(am__append_101) \ $(am__append_104) $(am__append_107) $(am__append_110) \ $(am__append_113) $(am__append_116) $(am__append_119) \ - $(am__append_123) + $(am__append_123) memory_seal_test_1.stdout \ + memory_seal_test_2.stdout BUILT_SOURCES = $(am__append_42) TESTS = $(check_SCRIPTS) $(check_PROGRAMS) @@ -6524,6 +6525,13 @@ retain.sh.log: retain.sh --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +memory_seal_test.sh.log: memory_seal_test.sh + @p='memory_seal_test.sh'; \ + b='memory_seal_test.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) object_unittest.log: object_unittest$(EXEEXT) @p='object_unittest$(EXEEXT)'; \ b='object_unittest'; \ 
@@ -10524,6 +10532,18 @@ package_metadata_test.o: package_metadata_main.c package_metadata_test$(EXEEXT): package_metadata_test.o gcctestdir/ld $(CXXLINK) package_metadata_test.o -Wl,--package-metadata='{"foo":"bar"}' $(TEST_READELF) --notes $@ | grep -q '{"foo":"bar"}' +memory_seal_test_1.stdout: memory_seal_main + $(TEST_READELF) -n $< >$@ +memory_seal_test_2.stdout: memory_seal_shared.so + $(TEST_READELF) -n $< >$@ +memory_seal_main: gcctestdir/ld memory_seal_main.o + gcctestdir/ld -z memory-seal -o $@ memory_seal_main.o +memory_seal_main.o: memory_seal_main.c + $(COMPILE) -c -o $@ $< +memory_seal_shared.so: gcctestdir/ld memory_seal_shared.o + gcctestdir/ld -z memory-seal -shared -o $@ memory_seal_shared.o +memory_seal_shared.o: memory_seal_shared.c + $(COMPILE) -c -fPIC -o $@ $< # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/gold/testsuite/memory_seal_main.c b/gold/testsuite/memory_seal_main.c new file mode 100644 index 00000000000..77bc677e8eb --- /dev/null +++ b/gold/testsuite/memory_seal_main.c @@ -0,0 +1,5 @@ +int +main(void) +{ + return 0; +} diff --git a/gold/testsuite/memory_seal_shared.c b/gold/testsuite/memory_seal_shared.c new file mode 100644 index 00000000000..8cf7b6143da --- /dev/null +++ b/gold/testsuite/memory_seal_shared.c @@ -0,0 +1,7 @@ +int foo (void); + +int +foo(void) +{ + return 0; +} diff --git a/gold/testsuite/memory_seal_test.sh b/gold/testsuite/memory_seal_test.sh new file mode 100755 index 00000000000..c2194213445 --- /dev/null +++ b/gold/testsuite/memory_seal_test.sh 
@@ -0,0 +1,45 @@ +#!/bin/sh + +# memory_seal_test.sh -- test GNU_PROPERTY_MEMORY_SEAL gnu property + +# Copyright (C) 2018-2024 Free Software Foundation, Inc. + +# This file is part of gold. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, +# MA 02110-1301, USA. + +# This script checks that after linking the three object files +# gnu_property_[abc].S, each of which contains a .note.gnu.property +# section, the resulting output has only a single such note section, +# and that the properties have been correctly combined. + +check() +{ + if ! 
grep -q "$2" "$1" + then + echo "Did not find expected output in $1:" + echo " $2" + echo "" + echo "Actual output below:" + cat "$1" + exit 1 + fi +} + +check memory_seal_test_1.stdout "memory seal" +check memory_seal_test_2.stdout "memory seal" + +exit 0 From patchwork Thu Jan 2 19:19:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 854749 Delivered-To: patch@linaro.org
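Review bot: the memory_seal_main and memory_seal_shared.so rules added to gold/testsuite/Makefile.in (hunk at -10524) only ever link with -z memory-seal, so the suite has no negative case. Suggest adding one link with -z nomemory-seal and one with neither flag, and asserting that the readelf -n output does not contain the property. As written, a linker that emitted the property unconditionally, or ignored the opt-out, would still pass both checks.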
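Review bot: the header comment in gold/testsuite/memory_seal_test.sh ("This script checks that after linking the three object files gnu_property_[abc].S ...") describes a different test and does not match what this script does, which is grep two readelf dumps for "memory seal". Suggest rewriting it to name memory_seal_test_1.stdout (executable) and memory_seal_test_2.stdout (shared object) and what each is expected to contain. The copyright range "2018-2024" also looks inherited from the file this was copied from, since this is a new file in a patch dated January 2025. The pattern passed to check() is loose; matching the full property line that readelf prints would make a false pass less likely.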
From: Adhemerval Zanella To: binutils@sourceware.org Cc: Jeff Xu , "H . J . Lu" Subject: [PATCH v5 3/3] ld: Add --enable-memory-seal configure option Date: Thu, 2 Jan 2025 16:19:30 -0300 Message-ID: <20250102192006.1318325-4-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250102192006.1318325-1-adhemerval.zanella@linaro.org> References: <20250102192006.1318325-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 Add --enable-memory-seal linker configure option to enable memory sealing (GNU_PROPERTY_MEMORY_SEAL) by default. Change-Id: I4ce4ff33657f0f09b1ceb06210b6fcaa501f1799 --- binutils/testsuite/lib/binutils-common.exp | 22 +++++++++++++ ld/NEWS | 3 +- ld/config.in | 3 ++ ld/configure | 38 ++++++++++++++++++---- ld/configure.ac | 17 ++++++++++ ld/emultempl/elf.em | 1 + ld/lexsup.c | 7 ++++ ld/testsuite/config/default.exp | 8 +++++ ld/testsuite/ld-srec/srec.exp | 4 +++ ld/testsuite/lib/ld-lib.exp | 6 ++++ 10 files changed, 101 insertions(+), 8 deletions(-) diff --git a/binutils/testsuite/lib/binutils-common.exp b/binutils/testsuite/lib/binutils-common.exp index daf12eb0fbb..72664d84bcc 100644 --- a/binutils/testsuite/lib/binutils-common.exp +++ b/binutils/testsuite/lib/binutils-common.exp 
@@ -408,6 +408,25 @@ proc check_relro_support { } { return $relro_available_saved } +proc check_memory_seal_support { } { + global memory_seal_available_saved + global ld + + if {![info exists memory_seal_available_saved]} { + remote_file host delete nomemory_seal + set ld_output [remote_exec host $ld "-z nomemory-seal"] + if { [string first "not supported" $ld_output] >= 0 + || [string first "unrecognized option" $ld_output] >= 0 + || [string first "-z nomemory-seal ignored" $ld_output] >= 0 + || [string first "cannot find nomemory-seal" $ld_output] >= 0 } { + set memory_seal_available_saved 0 + } else { + set memory_seal_available_saved 1 + } + } + return $memory_seal_available_saved +} + # Check for support of the .noinit section, used for data that is not # initialized at load, or during the application's initialization sequence. proc supports_noinit_section {} { @@ -1401,6 +1420,9 @@ proc run_dump_test { name {extra_options {}} } { if [check_relro_support] { set ld_extra_opt "-z norelro" } + if [check_memory_seal_support] { + append ld_extra_opt " -z nomemory-seal" + } # Add -L$srcdir/$subdir so that the linker command can use # linker scripts in the source directory. diff --git a/ld/NEWS b/ld/NEWS index 5d5fec4aed3..4aa5408d88f 100644 --- a/ld/NEWS +++ b/ld/NEWS @@ -34,7 +34,8 @@ Changes in 2.43: * Add -plugin-save-temps to store plugin intermediate files permanently. * Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the - object to memory sealed. + object to memory sealed. Also added --enable-memory-seal configure option + to enable the memory sealing by default. Changes in 2.42: diff --git a/ld/config.in b/ld/config.in index 633105a43ad..ed838463856 100644 --- a/ld/config.in +++ b/ld/config.in 
@@ -60,6 +60,9 @@ default. */ #undef DEFAULT_LD_Z_SEPARATE_CODE +/* Define to 1 if you want to enable -z memory-seal in ELF linker by default. */ +#undef DEFAULT_LD_Z_MEMORY_SEAL + /* Define to 1 if you want to set DT_RUNPATH instead of DT_RPATH by default. */ #undef DEFAULT_NEW_DTAGS diff --git a/ld/configure b/ld/configure index 0b4197d1c4f..f34141bb238 100755 --- a/ld/configure +++ b/ld/configure @@ -854,6 +854,7 @@ enable_textrel_check enable_separate_code enable_rosegment enable_mark_plt +enable_memory_seal enable_warn_execstack enable_error_execstack enable_warn_rwx_segments @@ -1551,6 +1552,7 @@ Optional Features: --enable-separate-code enable -z separate-code in ELF linker by default --enable-rosegment enable --rosegment in the ELF linker by default --enable-mark-plt enable -z mark-plt in ELF x86-64 linker by default + --enable-memory-seal enable -z memory-seal in ELF linker by default --enable-warn-execstack enable warnings when creating an executable stack --enable-error-execstack turn executable stack warnings into errors @@ -11686,7 +11688,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11689 "configure" +#line 11691 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11792,7 +11794,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11795 "configure" +#line 11797 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -15251,7 +15253,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; 
@@ -15297,7 +15299,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15321,7 +15323,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15366,7 +15368,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15390,7 +15392,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; 
@@ -15709,6 +15711,17 @@ esac fi +# Decide if -z memory-seal should be enabled in ELF linker by default. +ac_default_ld_z_memory_seal=unset +# Check whether --enable-memory-seal was given. +if test "${enable_memory_seal+set}" = set; then : + enableval=$enable_memory_seal; case "${enableval}" in + yes) ac_default_ld_z_memory_seal=1 ;; + no) ac_default_ld_z_memory_seal=0 ;; +esac +fi + + # By default warn when an executable stack is created due to object files # requesting such, not when the user specifies -z execstack. @@ -18965,6 +18978,8 @@ main () if (*(data + i) != *(data3 + i)) return 14; close (fd); + free (data); + free (data3); return 0; } _ACEOF @@ -19444,6 +19459,15 @@ cat >>confdefs.h <<_ACEOF _ACEOF +if test "${ac_default_ld_z_memory_seal}" = unset; then + ac_default_ld_z_memory_seal=0 +fi + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LD_Z_MEMORY_SEAL $ac_default_ld_z_memory_seal +_ACEOF + + cat >>confdefs.h <<_ACEOF diff --git a/ld/configure.ac b/ld/configure.ac index 004fa31d877..228f2ee4089 100644 --- a/ld/configure.ac +++ b/ld/configure.ac @@ -232,6 +232,16 @@ AC_ARG_ENABLE(mark-plt, no) ac_default_ld_z_mark_plt=0 ;; esac]) +# Decide if -z memory-seal should be enabled in ELF linker by default. +ac_default_ld_z_memory_seal=unset +AC_ARG_ENABLE(memory-seal, + AS_HELP_STRING([--enable-memory-seal], + [enable -z memory-seal in ELF linker by default]), +[case "${enableval}" in + yes) ac_default_ld_z_memory_seal=1 ;; + no) ac_default_ld_z_memory_seal=0 ;; +esac]) + # By default warn when an executable stack is created due to object files # requesting such, not when the user specifies -z execstack. 
@@ -617,6 +627,13 @@ AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_MARK_PLT, $ac_default_ld_z_mark_plt, [Define to 1 if you want to enable -z mark-plt in ELF x86-64 linker by default.]) +if test "${ac_default_ld_z_memory_seal}" = unset; then + ac_default_ld_z_memory_seal=0 +fi +AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_MEMORY_SEAL, + $ac_default_ld_z_memory_seal, + [Define to 1 if you want to enable -z memory_seal in ELF linker by default.]) + AC_DEFINE_UNQUOTED(DEFAULT_LD_WARN_EXECSTACK, $ac_default_ld_warn_execstack, diff --git a/ld/emultempl/elf.em b/ld/emultempl/elf.em index 9a14eae749e..d8fb034697b 100644 --- a/ld/emultempl/elf.em +++ b/ld/emultempl/elf.em @@ -99,6 +99,7 @@ fragment <
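Review bot: in check_memory_seal_support (binutils/testsuite/lib/binutils-common.exp, hunk at -408), "remote_file host delete nomemory_seal" removes a file spelled with an underscore, while the option passed to ld and the "cannot find nomemory-seal" match both use a hyphen. If the delete is there so that a linker which treats the argument as an input file reliably reports "cannot find", it should delete nomemory-seal; as written, a stray file of that name in the build directory is not cleaned up before the probe.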
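Review bot: the run_dump_test change (binutils-common.exp, hunk at -1401) appends " -z nomemory-seal" to every dump test whenever the linker recognises the option, which means the testsuite always overrides the configured default. Unless another test in the series links without the override, nothing verifies that a linker built with --enable-memory-seal actually emits the property by default. Suggest one test that skips the override and checks the note when DEFAULT_LD_Z_MEMORY_SEAL is 1, and a short comment here explaining why the option is forced off.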
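Review bot: the ld/NEWS wording reads awkwardly ("to mark the object to memory sealed", "to enable the memory sealing by default"), and the hunk header shows the entry sits under "Changes in 2.43:". Suggest "to mark the object as memory sealed" and "to enable memory sealing by default", and confirm the entry is in the section for the release this series will actually land in.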
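Review bot: several ld/configure hunks are unrelated to --enable-memory-seal: the five LARGE_OFF_T rewrites (hunks at -15251 through -15390) and the added "free (data);" / "free (data3);" in the conftest program at -18965. That pattern suggests configure was regenerated with a different autoconf than the one that produced the checked-in file. Please regenerate with the version the tree expects, so that the diff contains only the enable_memory_seal additions and the resulting #line shifts.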
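Review bot: the AC_DEFINE_UNQUOTED description in ld/configure.ac (hunk at -617) says "enable -z memory_seal" with an underscore, while the option is -z memory-seal and the ld/config.in hunk in this same patch carries the hyphenated text. config.in is generated from this string, so the two should not differ; fix the spelling here and regenerate. Separately, the AC_ARG_ENABLE case at -232 handles only yes and no, so any other value silently falls through to the "unset" path and becomes 0; that matches the neighbouring mark-plt block, but for a hardening default it may be worth rejecting unknown values.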