diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7
--- a/share/man/man7/mitigations.7
+++ b/share/man/man7/mitigations.7
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd July 23, 2024
+.Dd January 25, 2025
 .Dt MITIGATIONS 7
 .Os
 .Sh NAME
@@ -244,9 +244,13 @@
 .Fx
 supports stack overflow protection using the Stack Smashing Protector
 .Pq SSP
-compiler feature.
+compiler feature,
+and stack clash protection.
 In userland, SSP adds a per-process randomized canary at the end of every stack
-frame which is checked for corruption upon return from the function.
+frame which is checked for corruption upon return from the function,
+and stack probing in
+.Dv PAGE_SIZE
+chunks.
 In the kernel, a single randomized canary is used globally except on aarch64,
 which has a
 .Dv PERTHREAD_SSP
@@ -264,7 +268,9 @@
 .Va WITH_SSP
 is enabled, which is the default, world is built with the
 .Fl fstack-protector-strong
-compiler option.
+and
+.Fl fstack-clash-protection
+compiler options.
 The kernel is built with the
 .Fl fstack-protector
 option.
diff --git a/share/mk/bsd.sys.mk b/share/mk/bsd.sys.mk
--- a/share/mk/bsd.sys.mk
+++ b/share/mk/bsd.sys.mk
@@ -304,7 +304,7 @@
 FORTIFY_SOURCE?= 0
 .if ${MK_SSP} != "no"
 # Don't use -Wstack-protector as it breaks world with -Werror.
-SSP_CFLAGS?= -fstack-protector-strong
+SSP_CFLAGS?= -fstack-protector-strong -fstack-clash-protection
 CFLAGS+= ${SSP_CFLAGS}
 .endif # SSP
 .if ${FORTIFY_SOURCE} > 0
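Review bot: In the bsd.sys.mk hunk, `-fstack-clash-protection` is appended to `SSP_CFLAGS?=` with no compiler or architecture guard, so every toolchain and target that reaches this `.if ${MK_SSP} != "no"` branch must accept the flag, and a compiler that warns on an unsupported option would fail a `-Werror` world build in the same way the existing comment describes for `-Wstack-protector`; if this file gates other flags on compiler type or version elsewhere, the same gate is presumably wanted here. Tying the mitigation to `MK_SSP` also means `WITHOUT_SSP` now silently drops stack probing as well as the canary, which is worth stating next to the knob. I would extend the comment above the assignment, e.g. `# -fstack-clash-protection probes each new stack page so a large frame cannot jump past the guard page; it shares the MK_SSP knob since both are stack-corruption mitigations.` Note that the probe interval is a compiler property, so the man-page wording "stack probing in PAGE_SIZE chunks" should be checked against what the toolchain actually emits for each architecture.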