build: add option for building with stack-protector-all

The GCC option -fstack-protector-all is a security feature used to protect against stack-smashing attacks.
This option enhances the stack-smashing protection provided by -fstack-protector-strong.
-fstack-protector-all option applies stack protection to all functions, regardless of their characteristics.
While this offers the most comprehensive protection against stack-smashing attacks, it can significantly impact
the performance of the program because every function call includes additional checks for stack integrity.
This option can incur a performance penalty because of the extra checks added to every function call,
but it significantly enhances security, making it harder for attackers to exploit buffer overflows to execute arbitrary code.
It's particularly useful in scenarios where security is paramount and performance trade-offs are acceptable.

Signed-off-by: Cedric DOURLENT <[email protected]>

config/Config-build.in

@@ -293,6 +293,8 @@ menu "Global build settings"
 			bool "Regular"
 		config PKG_CC_STACKPROTECTOR_STRONG
 			bool "Strong"
+		config PKG_CC_STACKPROTECTOR_ALL
+			bool "All"
 	endchoice
 
 	choice

include/hardening.mk

@@ -36,6 +36,11 @@ ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
     TARGET_CFLAGS += -fstack-protector-strong
   endif
 endif
+ifdef CONFIG_PKG_CC_STACKPROTECTOR_ALL
+  ifeq ($(strip $(PKG_SSP)),1)
+    TARGET_CFLAGS += -fstack-protector-all
+  endif
+endif
 ifdef CONFIG_PKG_FORTIFY_SOURCE_1
   ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
     TARGET_CFLAGS += -D_FORTIFY_SOURCE=1