Add stack clash protection to the WITH_SSP flag

Some background info availabe in:
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
https://developers.redhat.com/blog/2020/05/22/stack-clash-mitigation-in-gcc-part-3
https://blog.llvm.org/posts/2021-01-05-stack-clash-protection/

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D48651

share/man/man7/mitigations.7

@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd July 23, 2024
+.Dd January 25, 2025
 .Dt MITIGATIONS 7
 .Os
 .Sh NAME
@@ -244,9 +244,13 @@ and it is possible that some applications may not function correctly.
 .Fx
 supports stack overflow protection using the Stack Smashing Protector
 .Pq SSP
-compiler feature.
+compiler feature,
+and stack clash protection.
 In userland, SSP adds a per-process randomized canary at the end of every stack
-frame which is checked for corruption upon return from the function.
+frame which is checked for corruption upon return from the function,
+and stack probing in
+.Dv PAGE_SIZE
+chunks.
 In the kernel, a single randomized canary is used globally except on aarch64,
 which has a
 .Dv PERTHREAD_SSP
@@ -264,7 +268,9 @@ When
 .Va WITH_SSP
 is enabled, which is the default, world is built with the
 .Fl fstack-protector-strong
-compiler option.
+and
+.Fl fstack-clash-protection
+compiler options.
 The kernel is built with the
 .Fl fstack-protector
 option.

share/mk/bsd.sys.mk

@@ -304,7 +304,7 @@ CXXFLAGS.clang+=	 -Wno-c++11-extensions
 FORTIFY_SOURCE?=	0
 .if ${MK_SSP} != "no"
 # Don't use -Wstack-protector as it breaks world with -Werror.
-SSP_CFLAGS?=	-fstack-protector-strong
+SSP_CFLAGS?=	-fstack-protector-strong -fstack-clash-protection
 CFLAGS+=	${SSP_CFLAGS}
 .endif # SSP
 .if ${FORTIFY_SOURCE} > 0