release 6.15.2 (preliminary)

2025-06-18 12:24:58 +03:00
parent 4d2691343a
commit 43dc655d2e
242 changed files with 7729 additions and 32303 deletions
--- a/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch
+++ b/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch
@@ -31,7 +31,7 @@ cc: linux-efi@vger.kernel.org

 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1073,19 +1073,7 @@ void __init setup_arch(char **cmdline_p)
+@@ -1127,19 +1127,7 @@ void __init setup_arch(char **cmdline_p)
 	/* Allocate bigger log buffer */
 	setup_log_buf(1);
 
--- a/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
+++ b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
@@ -26,7 +26,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>

 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -907,6 +907,8 @@ void __init setup_arch(char **cmdline_p)
+@@ -964,6 +964,8 @@ void __init setup_arch(char **cmdline_p)
 	if (efi_enabled(EFI_BOOT))
 		efi_init();
 
@@ -35,7 +35,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
 	reserve_ibft_region();
 	x86_init.resources.dmi_setup();
 
-@@ -1073,8 +1075,6 @@ void __init setup_arch(char **cmdline_p)
+@@ -1127,8 +1129,6 @@ void __init setup_arch(char **cmdline_p)
 	/* Allocate bigger log buffer */
 	setup_log_buf(1);
 
--- a/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch
+++ b/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch
@@ -22,9 +22,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

 --- a/include/linux/perf_event.h
 +++ b/include/linux/perf_event.h
-@@ -1701,6 +1701,11 @@ int perf_cpu_time_max_percent_handler(co
- int perf_event_max_stack_handler(const struct ctl_table *table, int write,
- 		void *buffer, size_t *lenp, loff_t *ppos);
+@@ -1684,6 +1684,11 @@ extern int sysctl_perf_event_sample_rate
+ 
+ extern void perf_sample_event_took(u64 sample_len_ns);
 
 +static inline bool perf_paranoid_any(void)
 +{
@@ -36,7 +36,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 
 --- a/kernel/events/core.c
 +++ b/kernel/events/core.c
-@@ -449,8 +449,13 @@ static struct kmem_cache *perf_event_cac
+@@ -450,8 +450,13 @@ static struct kmem_cache *perf_event_cac
  *   0 - disallow raw tracepoint access for unpriv
  *   1 - disallow cpu events for unpriv
  *   2 - disallow kernel profiling for unpriv
@@ -48,9 +48,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 int sysctl_perf_event_paranoid __read_mostly = 2;
 +#endif
 
- /* Minimum for 512 kiB + 1 user control page */
- int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
-@@ -12813,6 +12818,9 @@ SYSCALL_DEFINE5(perf_event_open,
+ /* Minimum for 512 kiB + 1 user control page. 'free' kiB per user. */
+ static int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024);
+@@ -13084,6 +13089,9 @@ SYSCALL_DEFINE5(perf_event_open,
 	if (err)
 		return err;
 
@@ -58,13 +58,13 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 +		return -EACCES;
 +
 	/* Do we allow access to perf_event_open(2) ? */
- 	err = security_perf_event_open(&attr, PERF_SECURITY_OPEN);
+ 	err = security_perf_event_open(PERF_SECURITY_OPEN);
 	if (err)
 --- a/security/Kconfig
 +++ b/security/Kconfig
-@@ -51,6 +51,15 @@ config PROC_MEM_NO_FORCE
- 
- endchoice
+@@ -72,6 +72,15 @@ config MSEAL_SYSTEM_MAPPINGS
+ 	  For complete descriptions of memory sealing, please see
+ 	  Documentation/userspace-api/mseal.rst
 
 +config SECURITY_PERF_EVENTS_RESTRICT
 +	bool "Restrict unprivileged use of performance events"