BFD linker can't output .note.GNU-stack section which leads to executable stack

[liuyuan10]

To reproduce:
apply patch:

--- a/tools/lkl/Makefile
+++ b/tools/lkl/Makefile
@@ -124,7 +124,7 @@ endif

 lib/lkl.o:
        $(Q)$(MAKE) -C ../.. ARCH=lkl $(KOPT) defconfig
-       $(Q)$(MAKE) -C ../.. ARCH=lkl $(KOPT) install INSTALL_PATH=$(CURDIR)
+       $(Q)$(MAKE) -C ../.. ARCH=lkl LDFLAGS="-z noexecstack" $(KOPT) install INSTALL_PATH=$(CURDIR)

$ cd tools/lkl
$ ls -al `which ld`
/usr/bin/ld -> ld.bfd
$ make clean && make -j
$ readelf -S ../../vmlinux | grep GNU-stack
// nothing

Interestingly, the ld.gold works:
$ make -j LD=ld.gold
$ readelf -S ../../vmlinux | grep GNU-stack
[40] .note.GNU-stack PROGBITS 0000000000000000 024a73b0

Even before patching, ld.gold can output .note.GNU-stack with X (executable) flag as expected.

As a library, it's a common requirement that the stack is not executable. In my case, I can't use ld.gold due to some other bugs in gold. I'm reluctant to think it's a bug in BFD linker. Posting here to see if there is any switch I'm missing.