diff --git a/debian/changelog b/debian/changelog
index 19255af1f..62518c417 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-linux (4.15.1-1~exp1) UNRELEASED; urgency=medium
+linux (4.15.2-1~exp1) UNRELEASED; urgency=medium
 * New upstream release: https://kernelnewbies.org/Linux_4.15
 * New upstream stable update:
@@ -58,6 +58,68 @@ linux (4.15.1-1~exp1) UNRELEASED; urgency=medium
 - Input: synaptics-rmi4 - unmask F03 interrupts when port is opened
 - Input: synaptics-rmi4 - do not delete interrupt memory too early
 - x86/efi: Clarify that reset attack mitigation needs appropriate userspace
+ * New upstream stable update:
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.2
+ - KVM: x86: Make indirect calls in emulator speculation safe
+ - KVM: VMX: Make indirect call speculation safe
+ - module/retpoline: Warn about missing retpoline in module
+ - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
+ - x86/cpufeatures: Add Intel feature bits for Speculation Control
+ - x86/cpufeatures: Add AMD feature bits for Speculation Control
+ - x86/msr: Add definitions for new speculation control MSRs
+ - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
+ - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
+ - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
+ - x86/alternative: Print unadorned pointers
+ - x86/nospec: Fix header guards names
+ - x86/bugs: Drop one "mitigation" from dmesg
+ - x86/cpu/bugs: Make retpoline module warning conditional
+ - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+ - x86/retpoline: Simplify vmexit_fill_RSB()
+ - x86/speculation: Simplify indirect_branch_prediction_barrier()
+ - auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+ - iio: adc/accel: Fix up module licenses
+ - pinctrl: pxa: pxa2xx: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+ - ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+ - KVM: nVMX: Eliminate vmcs02 pool
+ - KVM: VMX: introduce alloc_loaded_vmcs
+ - objtool: Improve retpoline alternative handling
+ - objtool: Add support for alternatives at the end of a section
+ - objtool: Warn on stripped section symbol
+ - x86/mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP
+ - x86/spectre: Check CONFIG_RETPOLINE in command line parser
+ - x86/entry/64: Remove the SYSCALL64 fast path
+ - x86/entry/64: Push extra regs right away
+ - x86/asm: Move 'status' from thread_struct to thread_info
+ - Documentation: Document array_index_nospec
+ - array_index_nospec: Sanitize speculative array de-references
+ - x86: Implement array_index_mask_nospec
+ - x86: Introduce barrier_nospec
+ - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+ - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
+ - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
+ - x86/get_user: Use pointer masking to limit speculation
+ - x86/syscall: Sanitize syscall table de-references under speculation
+ - vfs, fdtable: Prevent bounds-check bypass via speculative execution
+ - nl80211: Sanitize array index in parse_txq_params
+ - x86/spectre: Report get_user mitigation for spectre_v1
+ - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
+ - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
+ - x86/speculation: Use Indirect Branch Prediction Barrier in context switch
+ - x86/paravirt: Remove 'noreplace-paravirt' cmdline option
+ - KVM: VMX: make MSR bitmaps per-VCPU
+ - x86/kvm: Update spectre-v1 mitigation
+ - x86/retpoline: Avoid retpolines for built-in __init functions
+ - x86/spectre: Simplify spectre_v2 command line parsing
+ - x86/pti: Mark constant arrays as __initconst
+ - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
+ - KVM/x86: Update the reverse_cpuid list to include CPUID_7_EDX
+ - KVM/x86: Add IBPB support
+ - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
+ - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
+ - KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
+ - serial: core: mark port as initialized after successful IRQ change
+ - fpga: region: release of_parse_phandle nodes after use
 [ Bastian Blank ]
 * Add cloud-amd64 kernel flavour.
diff --git a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch index 5e8946e34..b97167b9f 100644 --- a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch +++ b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch @@ -19,18 +19,19 @@ version at boot time. Add a Kconfig parameter to set the default. Signed-off-by: Ben Hutchings --- - Documentation/admin-guide/kernel-parameters.txt | 4 ++ - arch/x86/Kconfig | 8 ++++ - arch/x86/entry/common.c | 16 ++++++++- - arch/x86/entry/entry_64.S | 18 +++++++++-- - arch/x86/entry/syscall_64.c | 39 ++++++++++++++++++++++++ - arch/x86/include/asm/elf.h | 3 + - arch/x86/include/asm/syscall.h | 6 +++ - 7 files changed, 89 insertions(+), 5 deletions(-) + Documentation/admin-guide/kernel-parameters.txt | 4 ++++ + arch/x86/Kconfig | 8 +++++++ + arch/x86/entry/common.c | 16 +++++++++++-- + arch/x86/entry/syscall_64.c | 31 +++++++++++++++++++++++++ + arch/x86/include/asm/elf.h | 3 ++- + arch/x86/include/asm/syscall.h | 6 +++++ + 6 files changed, 65 insertions(+), 3 deletions(-) +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 1e762c210f1b..9fd9eb61606d 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -4048,6 +4048,10 @@ +@@ -4096,6 +4096,10 @@ switches= [HW,M68k] @@ -41,9 +42,11 @@ Signed-off-by: Ben Hutchings sysfs.deprecated=0|1 [KNL] Enable/disable old style sysfs layout for old udev on older distributions. When this option is enabled +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index 20da391b5f32..16f0c88fcc3d 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -2850,6 +2850,14 @@ config COMPAT_32 +@@ -2863,6 +2863,14 @@ config COMPAT_32 select HAVE_UID16 select OLD_SIGSUSPEND3 @@ -58,6 +61,90 @@ 
Signed-off-by: Ben Hutchings config COMPAT def_bool y depends on IA32_EMULATION || X86_X32 +diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c +index 21dbdf0e476b..a26c084ecca5 100644 +--- a/arch/x86/entry/common.c ++++ b/arch/x86/entry/common.c +@@ -270,6 +270,7 @@ __visible void do_syscall_64(struct pt_regs *regs) + { + struct thread_info *ti = current_thread_info(); + unsigned long nr = regs->orig_ax; ++ unsigned int syscall_mask, nr_syscalls_enabled; + + enter_from_user_mode(); + local_irq_enable(); +@@ -282,8 +283,19 @@ __visible void do_syscall_64(struct pt_regs *regs) + * table. The only functional difference is the x32 bit in + * regs->orig_ax, which changes the behavior of some syscalls. + */ +- if (likely((nr & __SYSCALL_MASK) < NR_syscalls)) { +- nr = array_index_nospec(nr & __SYSCALL_MASK, NR_syscalls); ++ if (__SYSCALL_MASK == ~0U || x32_enabled) { ++ syscall_mask = __SYSCALL_MASK; ++ nr_syscalls_enabled = NR_syscalls; ++ } else { ++ /* ++ * x32 syscalls present but not enabled. Don't mask out ++ * the x32 flag and don't enable any x32-specific calls. ++ */ ++ syscall_mask = ~0U; ++ nr_syscalls_enabled = 512; ++ } ++ if (likely((nr & syscall_mask) < nr_syscalls_enabled)) { ++ nr = array_index_nospec(nr & syscall_mask, nr_syscalls_enabled); + regs->ax = sys_call_table[nr]( + regs->di, regs->si, regs->dx, + regs->r10, regs->r8, regs->r9); +diff --git a/arch/x86/entry/syscall_64.c b/arch/x86/entry/syscall_64.c +index c176d2fab1da..0f15e2686d09 100644 +--- a/arch/x86/entry/syscall_64.c ++++ b/arch/x86/entry/syscall_64.c +@@ -4,8 +4,14 @@ + #include + #include + #include ++#include ++#undef MODULE_PARAM_PREFIX ++#define MODULE_PARAM_PREFIX "syscall." 
++#include ++#include + #include + #include ++#include + + #define __SYSCALL_64(nr, sym, qual) extern asmlinkage long sym(unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long); + #include +@@ -23,3 +29,28 @@ asmlinkage const sys_call_ptr_t sys_call_table[__NR_syscall_max+1] = { + [0 ... __NR_syscall_max] = &sys_ni_syscall, + #include + }; ++ ++#ifdef CONFIG_X86_X32_ABI ++ ++/* Maybe enable x32 syscalls */ ++ ++bool x32_enabled = !IS_ENABLED(CONFIG_X86_X32_DISABLED); ++module_param_named(x32, x32_enabled, bool, 0444); ++ ++static int __init x32_enable(void) ++{ ++ if (x32_enabled) { ++#ifdef CONFIG_X86_X32_DISABLED ++ pr_info("Enabled x32 syscalls\n"); ++#endif ++ } ++#ifndef CONFIG_X86_X32_DISABLED ++ else ++ pr_info("Disabled x32 syscalls\n"); ++#endif ++ ++ return 0; ++} ++late_initcall(x32_enable); ++ ++#endif +diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h +index 0d157d2a1e2a..17e23826a802 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h @@ -10,6 +10,7 @@ @@ -77,129 +164,11 @@ 
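Review bot: `x32_enabled` in the syscall_64.c part of the refreshed patch is an ordinary writable global, although the visible code only sets it through a read-only boot parameter (`module_param_named(x32, x32_enabled, bool, 0444)`) and afterwards only reads it in `do_syscall_64()` to decide whether the x32 syscall range is dispatched. Because the flag gates syscall attack surface, it would be safer kept in read-only-after-init data: `bool x32_enabled __ro_after_init = !IS_ENABLED(CONFIG_X86_X32_DISABLED);` (the annotation comes from `<linux/cache.h>`). That presumes built-in parameters are parsed before init memory is sealed, which should be confirmed on this tree. In the common.c part, the bare `512` assigned to `nr_syscalls_enabled` lost the explanatory "x32 syscalls start at 512" comment that sat next to the removed entry_64.S compare, and would read better as a named constant carrying that comment. The body of `do_syscall_64()` continues outside the hunk.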
Signed-off-by: Ben Hutchings #if __USER32_DS != __USER_DS # error "The following code assumes __USER32_DS == __USER_DS" ---- a/arch/x86/entry/entry_64.S -+++ b/arch/x86/entry/entry_64.S -@@ -251,8 +251,12 @@ entry_SYSCALL_64_fastpath: - #if __SYSCALL_MASK == ~0 - cmpq $__NR_syscall_max, %rax - #else -- andl $__SYSCALL_MASK, %eax -- cmpl $__NR_syscall_max, %eax -+.global system_call_fast_compare -+.global system_call_fast_compare_end -+system_call_fast_compare: -+ cmpq $511, %rax /* x32 syscalls start at 512 */ -+ .byte P6_NOP4 -+system_call_fast_compare_end: - #endif - ja 1f /* return -ENOSYS (already in pt_regs->ax) */ - movq %r10, %rcx -@@ -409,6 +413,16 @@ syscall_return_via_sysret: - USERGS_SYSRET64 - END(entry_SYSCALL_64) - -+#if __SYSCALL_MASK != ~0 -+ /* This replaces the usual comparisons if syscall.x32 is set */ -+.global system_call_mask_compare -+.global system_call_mask_compare_end -+system_call_mask_compare: -+ andl $__SYSCALL_MASK, %eax -+ cmpl $__NR_syscall_max, %eax -+system_call_mask_compare_end: -+#endif -+ - ENTRY(stub_ptregs_64) - /* - * Syscalls marked as needing ptregs land here. ---- a/arch/x86/entry/syscall_64.c -+++ b/arch/x86/entry/syscall_64.c -@@ -4,8 +4,14 @@ - #include - #include - #include -+#include -+#undef MODULE_PARAM_PREFIX -+#define MODULE_PARAM_PREFIX "syscall." -+#include -+#include - #include - #include -+#include - - #define __SYSCALL_64_QUAL_(sym) sym - #define __SYSCALL_64_QUAL_ptregs(sym) ptregs_##sym -@@ -26,3 +32,36 @@ asmlinkage const sys_call_ptr_t sys_call - [0 ... 
__NR_syscall_max] = &sys_ni_syscall, - #include - }; -+ -+#ifdef CONFIG_X86_X32_ABI -+ -+/* Maybe enable x32 syscalls */ -+ -+bool x32_enabled = !IS_ENABLED(CONFIG_X86_X32_DISABLED); -+module_param_named(x32, x32_enabled, bool, 0444); -+ -+extern char system_call_fast_compare_end[], system_call_fast_compare[], -+ system_call_mask_compare_end[], system_call_mask_compare[]; -+ -+static int __init x32_enable(void) -+{ -+ BUG_ON(system_call_fast_compare_end - system_call_fast_compare != 10); -+ BUG_ON(system_call_mask_compare_end - system_call_mask_compare != 10); -+ -+ if (x32_enabled) { -+ text_poke_early(system_call_fast_compare, -+ system_call_mask_compare, 10); -+#ifdef CONFIG_X86_X32_DISABLED -+ pr_info("Enabled x32 syscalls\n"); -+#endif -+ } -+#ifndef CONFIG_X86_X32_DISABLED -+ else -+ pr_info("Disabled x32 syscalls\n"); -+#endif -+ -+ return 0; -+} -+late_initcall(x32_enable); -+ -+#endif ---- a/arch/x86/entry/common.c -+++ b/arch/x86/entry/common.c -@@ -269,6 +269,7 @@ __visible void do_syscall_64(struct pt_r - { - struct thread_info *ti = current_thread_info(); - unsigned long nr = regs->orig_ax; -+ unsigned int syscall_mask, nr_syscalls_enabled; - - enter_from_user_mode(); - local_irq_enable(); -@@ -281,8 +282,19 @@ __visible void do_syscall_64(struct pt_r - * table. The only functional difference is the x32 bit in - * regs->orig_ax, which changes the behavior of some syscalls. - */ -- if (likely((nr & __SYSCALL_MASK) < NR_syscalls)) { -- regs->ax = sys_call_table[nr & __SYSCALL_MASK]( -+ if (__SYSCALL_MASK == ~0U || x32_enabled) { -+ syscall_mask = __SYSCALL_MASK; -+ nr_syscalls_enabled = NR_syscalls; -+ } else { -+ /* -+ * x32 syscalls present but not enabled. Don't mask out -+ * the x32 flag and don't enable any x32-specific calls. 
-+ */ -+ syscall_mask = ~0U; -+ nr_syscalls_enabled = 512; -+ } -+ if (likely((nr & syscall_mask) < nr_syscalls_enabled)) { -+ regs->ax = sys_call_table[nr & syscall_mask]( - regs->di, regs->si, regs->dx, - regs->r10, regs->r8, regs->r9); - } +diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h +index 03eedc21246d..c5bce400ebb4 100644 --- a/arch/x86/include/asm/syscall.h +++ b/arch/x86/include/asm/syscall.h -@@ -35,6 +35,12 @@ extern const sys_call_ptr_t sys_call_tab +@@ -35,6 +35,12 @@ extern const sys_call_ptr_t sys_call_table[]; extern const sys_call_ptr_t ia32_sys_call_table[]; #endif @@ -212,3 +181,6 @@ Signed-off-by: Ben Hutchings /* * Only the low 32 bits of orig_ax are meaningful, so we return int. * This importantly ignores the high bits on 64-bit, so comparisons +-- +2.16.1 +