diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.11.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.12.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.11.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.12.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.11.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.12.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.11.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.12.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
index f4d418bd79..9c216c54ac 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
@@ -1,2 +1,2 @@
 DIST linux-4.14.tar.xz 100770500 SHA256 f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7 SHA512 77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8 WHIRLPOOL fee10d54ecb210156aa55364ecc15867127819e9f7ff9ec5f6ef159b1013e2ae3d3a28d35c62d663886cbe826b996a1387671766093be002536309045a8e4d10
-DIST patch-4.14.11.xz 379976 SHA256 f588b62d7ee1d2ebdc24afa0e256ff2f8812d5cab3bf572bf02e7c4525922bf9 SHA512 dbf5488f0ba4e18b253da02c5cc862096a3253689986fbf5cd89b835c94c2057f4196d8d278973254fdf6dd07629784bf1dc3bdc7d1ac3bb0682c6f9ad9d21ad WHIRLPOOL 47d1a8c13d7f1f61c0f29131e89c2bf0676018984c220ee20e5e67bd3766a5b70f00378dc70633bf018f1044eec134b0db0ef67d2d02c778fd84156725395862
+DIST patch-4.14.12.xz 382328 SHA256 da5d8db44b0988e4c45346899d3f5a51f8bd6c25f14e729615ca9ff9f17bdefd SHA512 b11b91503c9eb879b79cb16683204f5dbb467aac62dcfc1b025f889dc38016d990c0fd1879210226430e9f9ac6e168439b13603781188d67d213b12a334b4e5b WHIRLPOOL 022c77a93dab4761872cd67610ce64ba7b86bf3fb78385181fe30a2f3f142d9463f1785be86c923e321bbdde4a703c2ba471a26d3ebcbef77e3b3453663a5908
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.11.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.12.ebuild
similarity index 72%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.11.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.12.ebuild
index 3244b87fb4..836be075a9 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.11.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.12.ebuild
@@ -46,13 +46,9 @@ UNIPATCH_LIST="
 ${PATCH_DIR}/z0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch \
 ${PATCH_DIR}/z0004-block-factor-out-__blkdev_issue_zero_pages.patch \
 ${PATCH_DIR}/z0005-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch \
- ${PATCH_DIR}/z0006-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch \
- ${PATCH_DIR}/z0007-x86-pti-Make-sure-the-user-kernel-PTEs-match.patch \
- ${PATCH_DIR}/z0008-x86-pti-Switch-to-kernel-CR3-at-early-in-entry_SYSCA.patch \
- ${PATCH_DIR}/z0009-x86-process-Define-cpu_tss_rw-in-same-section-as-dec.patch \
- ${PATCH_DIR}/z0010-x86-mm-Set-MODULES_END-to-0xffffffffff000000.patch \
- ${PATCH_DIR}/z0011-x86-mm-Map-cpu_entry_area-at-the-same-place-on-4-5-l.patch \
- ${PATCH_DIR}/z0012-x86-kaslr-Fix-the-vaddr_end-mess.patch \
- ${PATCH_DIR}/z0013-x86-events-intel-ds-Use-the-proper-cache-flush-metho.patch \
- ${PATCH_DIR}/z0014-x86-tlb-Drop-the-_GPL-from-the-cpu_tlbstate-export.patch \
+ ${PATCH_DIR}/z0006-x86-mm-Set-MODULES_END-to-0xffffffffff000000.patch \
+ ${PATCH_DIR}/z0007-x86-mm-Map-cpu_entry_area-at-the-same-place-on-4-5-l.patch \
+ ${PATCH_DIR}/z0008-x86-kaslr-Fix-the-vaddr_end-mess.patch \
+ ${PATCH_DIR}/z0009-x86-events-intel-ds-Use-the-proper-cache-flush-metho.patch \
+ ${PATCH_DIR}/z0010-x86-tlb-Drop-the-_GPL-from-the-cpu_tlbstate-export.patch \
 "
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
index 661838e864..15178a4961 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
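Review bot: The UNIPATCH_LIST hunk in coreos-sources-4.14.12.ebuild drops the four carried patches old z0006–z0009 (`x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors`, `x86-pti-Make-sure-the-user-kernel-PTEs-match`, `x86-pti-Switch-to-kernel-CR3-at-early-in-entry_SYSCA`, `x86-process-Define-cpu_tss_rw-in-same-section-as-dec`) without recording why. Presumably they are now contained in patch-4.14.12.xz, but nothing visible in this commit establishes that, and three of them are fixes to the page-table-isolation code, so losing one silently would weaken a security mitigation. I would state this in the commit description and add a comment above the `UNIPATCH_LIST=` assignment, which starts outside the hunk, such as `# old z0006-z0009 (x86/pti, x86/process fixes) dropped: carried by upstream patch-4.14.12`, after checking each one against the upstream stable changelog. The remaining five x86 patches are only renumbered, which matches the `[PATCH nn/10]` subject updates in the refreshed patch files.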
@@ -1,7 +1,7 @@ -From 7c25b75b41bad6bb84644c9630d8c7d35a638d46 Mon Sep 17 00:00:00 2001 +From d32cba5030fd878d09f567916eade02006141a97 Mon Sep 17 00:00:00 2001 From: Vito Caputo Date: Wed, 25 Nov 2015 02:59:45 -0800 -Subject: [PATCH 01/14] kbuild: derive relative path for KBUILD_SRC from CURDIR +Subject: [PATCH 01/10] kbuild: derive relative path for KBUILD_SRC from CURDIR This enables relocating source and build trees to different roots, provided they stay reachable relative to one another. Useful for @@ -12,7 +12,7 @@ by some undesirable path component. 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index 655887067dc7..d4040d10df07 100644 +index 20f7d4de0f1c..0c3c92caf360 100644 --- a/Makefile +++ b/Makefile @@ -143,7 +143,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch index 628d8d5ed9..511a651009 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch @@ -1,7 +1,7 @@ -From 20720b9b549fc81b38a947870f719c521f57a224 Mon Sep 17 00:00:00 2001 +From 9caf327dfb0a7da20e8277e135929a3ae7d73e21 Mon Sep 17 00:00:00 2001 From: Geoff Levand Date: Fri, 11 Nov 2016 17:28:52 -0800 -Subject: [PATCH 02/14] Add arm64 coreos verity hash +Subject: [PATCH 02/10] Add arm64 coreos verity hash Signed-off-by: Geoff Levand --- 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch index f998d52aab..6078a83929 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch @@ -1,7 +1,7 @@ -From d60268fbdf436724ad6407412f76a0625d4dad64 Mon Sep 17 00:00:00 2001 +From 0ad805080ae867f8af81462be7f067c4c0041eb1 Mon Sep 17 00:00:00 2001 From: Mohamed Ghannam Date: Tue, 5 Dec 2017 12:23:04 -0800 -Subject: [PATCH 03/14] dccp: CVE-2017-8824: use-after-free in DCCP code +Subject: [PATCH 03/10] dccp: CVE-2017-8824: use-after-free in DCCP code Whenever the sock object is in DCCP_CLOSED state, dccp_disconnect() must free dccps_hc_tx_ccid and dccps_hc_rx_ccid and set to NULL. diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-block-factor-out-__blkdev_issue_zero_pages.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-block-factor-out-__blkdev_issue_zero_pages.patch index 29b99c8300..30d97c425f 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-block-factor-out-__blkdev_issue_zero_pages.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-block-factor-out-__blkdev_issue_zero_pages.patch @@ -1,7 +1,7 @@ -From a893a5e86b327ba2451f33c2dc7b49b7025f930d Mon Sep 17 00:00:00 2001 +From 3674db0a28b9c0e585c556fdb8f14eb656894500 Mon Sep 17 00:00:00 2001 
From: Ilya Dryomov Date: Mon, 16 Oct 2017 15:59:09 +0200 -Subject: [PATCH 04/14] block: factor out __blkdev_issue_zero_pages() +Subject: [PATCH 04/10] block: factor out __blkdev_issue_zero_pages() blkdev_issue_zeroout() will use this in !BLKDEV_ZERO_NOFALLBACK case. diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch index 5b10166fb7..969880fc0b 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch @@ -1,7 +1,7 @@ -From 0d68ba211ef1da9c35ae57b116aa11a620efc950 Mon Sep 17 00:00:00 2001 +From 65e2c9be0adbf3cf0a211c8f8f0530b482b0dd98 Mon Sep 17 00:00:00 2001 From: Ilya Dryomov Date: Mon, 16 Oct 2017 15:59:10 +0200 -Subject: [PATCH 05/14] block: cope with WRITE ZEROES failing in +Subject: [PATCH 05/10] block: cope with WRITE ZEROES failing in blkdev_issue_zeroout() sd_config_write_same() ignores ->max_ws_blocks == 0 and resets it to diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch deleted file mode 100644 index 0e8e7c7100..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 65e80d5382694684b7a6fef5bace975721384457 Mon Sep 17 00:00:00 2001 -From: Tom Lendacky -Date: Tue, 26 Dec 2017 23:43:54 -0600 -Subject: [PATCH 06/14] x86/cpu, x86/pti: Do not enable PTI on AMD processors - -AMD processors are not subject to the types of attacks that the kernel -page table isolation feature protects against. The AMD microarchitecture -does not allow memory references, including speculative references, that -access higher privileged data when running in a lesser privileged mode -when that access would result in a page fault. - -Disable page table isolation by default on AMD processors by not setting -the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI -is set. - -Signed-off-by: Tom Lendacky -Signed-off-by: Thomas Gleixner -Reviewed-by: Borislav Petkov -Cc: Dave Hansen -Cc: Andy Lutomirski -Cc: stable@vger.kernel.org -Link: https://lkml.kernel.org/r/20171227054354.20369.94587.stgit@tlendack-t1.amdoffice.net ---- - arch/x86/kernel/cpu/common.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index f2a94dfb434e..b1be494ab4e8 100644 ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -899,8 +899,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) - - setup_force_cpu_cap(X86_FEATURE_ALWAYS); - -- /* Assume for now that ALL x86 CPUs are insecure */ -- setup_force_cpu_bug(X86_BUG_CPU_INSECURE); -+ if (c->x86_vendor != X86_VENDOR_AMD) -+ setup_force_cpu_bug(X86_BUG_CPU_INSECURE); - - fpu__init_system(c); - --- -2.14.1 - 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0010-x86-mm-Set-MODULES_END-to-0xffffffffff000000.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-x86-mm-Set-MODULES_END-to-0xffffffffff000000.patch similarity index 97% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0010-x86-mm-Set-MODULES_END-to-0xffffffffff000000.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-x86-mm-Set-MODULES_END-to-0xffffffffff000000.patch index ae4855144a..0aadcf8544 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0010-x86-mm-Set-MODULES_END-to-0xffffffffff000000.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-x86-mm-Set-MODULES_END-to-0xffffffffff000000.patch @@ -1,7 +1,7 @@ -From a058d76b8da67c03e3ce13328b2ec8811e494184 Mon Sep 17 00:00:00 2001 +From 75c424050cce884af639e8a32d9021e0449ad590 Mon Sep 17 00:00:00 2001 From: Andrey Ryabinin Date: Thu, 28 Dec 2017 19:06:20 +0300 -Subject: [PATCH 10/14] x86/mm: Set MODULES_END to 0xffffffffff000000 +Subject: [PATCH 06/10] x86/mm: Set MODULES_END to 0xffffffffff000000 Since f06bdd4001c2 ("x86/mm: Adapt MODULES_END based on fixmap section size") kasan_mem_to_shadow(MODULES_END) could be not aligned to a page boundary. 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0011-x86-mm-Map-cpu_entry_area-at-the-same-place-on-4-5-l.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0007-x86-mm-Map-cpu_entry_area-at-the-same-place-on-4-5-l.patch similarity index 96% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0011-x86-mm-Map-cpu_entry_area-at-the-same-place-on-4-5-l.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0007-x86-mm-Map-cpu_entry_area-at-the-same-place-on-4-5-l.patch index 52459d50e3..faf6a765b5 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0011-x86-mm-Map-cpu_entry_area-at-the-same-place-on-4-5-l.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0007-x86-mm-Map-cpu_entry_area-at-the-same-place-on-4-5-l.patch @@ -1,7 +1,7 @@ -From c13125488c7ff76d8d7e8c5b47d1f6f41b901c6e Mon Sep 17 00:00:00 2001 +From 10e74b809cc9387b3415f3bb022d8c7b6c0284b1 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Thu, 4 Jan 2018 13:01:40 +0100 -Subject: [PATCH 11/14] x86/mm: Map cpu_entry_area at the same place on 4/5 +Subject: [PATCH 07/10] x86/mm: Map cpu_entry_area at the same place on 4/5 level There is no reason for 4 and 5 level pagetables to have a different diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0007-x86-pti-Make-sure-the-user-kernel-PTEs-match.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0007-x86-pti-Make-sure-the-user-kernel-PTEs-match.patch deleted file mode 100644 index 5517f9ecec..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0007-x86-pti-Make-sure-the-user-kernel-PTEs-match.patch +++ /dev/null 
@@ -1,56 +0,0 @@ -From 612c0c992840573935920427a13cb7cb44dcdc8e Mon Sep 17 00:00:00 2001 -From: Thomas Gleixner -Date: Wed, 3 Jan 2018 15:57:59 +0100 -Subject: [PATCH 07/14] x86/pti: Make sure the user/kernel PTEs match - -Meelis reported that his K8 Athlon64 emits MCE warnings when PTI is -enabled: - -[Hardware Error]: Error Addr: 0x0000ffff81e000e0 -[Hardware Error]: MC1 Error: L1 TLB multimatch. -[Hardware Error]: cache level: L1, tx: INSN - -The address is in the entry area, which is mapped into kernel _AND_ user -space. That's special because we switch CR3 while we are executing -there. - -User mapping: -0xffffffff81e00000-0xffffffff82000000 2M ro PSE GLB x pmd - -Kernel mapping: -0xffffffff81000000-0xffffffff82000000 16M ro PSE x pmd - -So the K8 is complaining that the TLB entries differ. They differ in the -GLB bit. - -Drop the GLB bit when installing the user shared mapping. - -Fixes: 6dc72c3cbca0 ("x86/mm/pti: Share entry text PMD") -Reported-by: Meelis Roos -Signed-off-by: Thomas Gleixner -Tested-by: Meelis Roos -Cc: Borislav Petkov -Cc: Tom Lendacky -Cc: stable@vger.kernel.org -Link: https://lkml.kernel.org/r/alpine.DEB.2.20.1801031407180.1957@nanos ---- - arch/x86/mm/pti.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c -index bce8aea65606..2da28ba97508 100644 ---- a/arch/x86/mm/pti.c -+++ b/arch/x86/mm/pti.c -@@ -367,7 +367,8 @@ static void __init pti_setup_espfix64(void) - static void __init pti_clone_entry_text(void) - { - pti_clone_pmds((unsigned long) __entry_text_start, -- (unsigned long) __irqentry_text_end, _PAGE_RW); -+ (unsigned long) __irqentry_text_end, -+ _PAGE_RW | _PAGE_GLOBAL); - } - - /* --- -2.14.1 - 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0012-x86-kaslr-Fix-the-vaddr_end-mess.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0008-x86-kaslr-Fix-the-vaddr_end-mess.patch similarity index 98% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0012-x86-kaslr-Fix-the-vaddr_end-mess.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0008-x86-kaslr-Fix-the-vaddr_end-mess.patch index 4068c5e832..107e411d97 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0012-x86-kaslr-Fix-the-vaddr_end-mess.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0008-x86-kaslr-Fix-the-vaddr_end-mess.patch @@ -1,7 +1,7 @@ -From 3842b860bc0edf60b14b64c56cf35b3b85101626 Mon Sep 17 00:00:00 2001 +From b7c33e42ce3b9c7e2e1b4fa2e7c8c2206a624689 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Thu, 4 Jan 2018 12:32:03 +0100 -Subject: [PATCH 12/14] x86/kaslr: Fix the vaddr_end mess +Subject: [PATCH 08/10] x86/kaslr: Fix the vaddr_end mess vaddr_end for KASLR is only documented in the KASLR code itself and is adjusted depending on config options. So it's not surprising that a change diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0008-x86-pti-Switch-to-kernel-CR3-at-early-in-entry_SYSCA.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0008-x86-pti-Switch-to-kernel-CR3-at-early-in-entry_SYSCA.patch deleted file mode 100644 index 1e121aa9dd..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0008-x86-pti-Switch-to-kernel-CR3-at-early-in-entry_SYSCA.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -From 6224d8f70510155e7a8d008564616d09c03e3236 Mon Sep 17 00:00:00 2001 -From: Thomas Gleixner -Date: Wed, 3 Jan 2018 19:52:04 +0100 -Subject: [PATCH 08/14] x86/pti: Switch to kernel CR3 at early in - entry_SYSCALL_compat() - -The preparation for PTI which added CR3 switching to the entry code -misplaced the CR3 switch in entry_SYSCALL_compat(). - -With PTI enabled the entry code tries to access a per cpu variable after -switching to kernel GS. This fails because that variable is not mapped to -user space. This results in a double fault and in the worst case a kernel -crash. - -Move the switch ahead of the access and clobber RSP which has been saved -already. - -Fixes: 8a09317b895f ("x86/mm/pti: Prepare the x86/entry assembly code for entry/exit CR3 switching") -Reported-by: Lars Wendler -Reported-by: Laura Abbott -Signed-off-by: Thomas Gleixner -Cc: Borislav Betkov -Cc: Andy Lutomirski , -Cc: Dave Hansen , -Cc: Peter Zijlstra , -Cc: Greg KH , , -Cc: Boris Ostrovsky , -Cc: Juergen Gross -Cc: stable@vger.kernel.org -Link: https://lkml.kernel.org/r/alpine.DEB.2.20.1801031949200.1957@nanos ---- - arch/x86/entry/entry_64_compat.S | 13 ++++++------- - 1 file changed, 6 insertions(+), 7 deletions(-) - -diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S -index 40f17009ec20..98d5358e4041 100644 ---- a/arch/x86/entry/entry_64_compat.S -+++ b/arch/x86/entry/entry_64_compat.S -@@ -190,8 +190,13 @@ ENTRY(entry_SYSCALL_compat) - /* Interrupts are off on entry. */ - swapgs - -- /* Stash user ESP and switch to the kernel stack. */ -+ /* Stash user ESP */ - movl %esp, %r8d -+ -+ /* Use %rsp as scratch reg. 
User ESP is stashed in r8 */ -+ SWITCH_TO_KERNEL_CR3 scratch_reg=%rsp -+ -+ /* Switch to the kernel stack */ - movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp - - /* Construct struct pt_regs on stack */ -@@ -219,12 +224,6 @@ GLOBAL(entry_SYSCALL_compat_after_hwframe) - pushq $0 /* pt_regs->r14 = 0 */ - pushq $0 /* pt_regs->r15 = 0 */ - -- /* -- * We just saved %rdi so it is safe to clobber. It is not -- * preserved during the C calls inside TRACE_IRQS_OFF anyway. -- */ -- SWITCH_TO_KERNEL_CR3 scratch_reg=%rdi -- - /* - * User mode is traced as though IRQs are on, and SYSENTER - * turned them off. --- -2.14.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0013-x86-events-intel-ds-Use-the-proper-cache-flush-metho.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0009-x86-events-intel-ds-Use-the-proper-cache-flush-metho.patch similarity index 95% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0013-x86-events-intel-ds-Use-the-proper-cache-flush-metho.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0009-x86-events-intel-ds-Use-the-proper-cache-flush-metho.patch index a560f4a819..5e6fc5f1f6 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0013-x86-events-intel-ds-Use-the-proper-cache-flush-metho.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0009-x86-events-intel-ds-Use-the-proper-cache-flush-metho.patch @@ -1,7 +1,7 @@ -From ac76d022de724f8a414d8862b2a10b6be2dffd10 Mon Sep 17 00:00:00 2001 +From 317036bde63956361dc022ed1401ed8b0f22a682 Mon Sep 17 00:00:00 2001 
From: Peter Zijlstra Date: Thu, 4 Jan 2018 18:07:12 +0100 -Subject: [PATCH 13/14] x86/events/intel/ds: Use the proper cache flush method +Subject: [PATCH 09/10] x86/events/intel/ds: Use the proper cache flush method for mapping ds buffers Thomas reported the following warning: diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0009-x86-process-Define-cpu_tss_rw-in-same-section-as-dec.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0009-x86-process-Define-cpu_tss_rw-in-same-section-as-dec.patch deleted file mode 100644 index 6b02e66e74..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0009-x86-process-Define-cpu_tss_rw-in-same-section-as-dec.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From 2183883de54dd666d1e4a7d85125f9c40afc2ef1 Mon Sep 17 00:00:00 2001 -From: Nick Desaulniers -Date: Wed, 3 Jan 2018 12:39:52 -0800 -Subject: [PATCH 09/14] x86/process: Define cpu_tss_rw in same section as - declaration - -cpu_tss_rw is declared with DECLARE_PER_CPU_PAGE_ALIGNED -but then defined with DEFINE_PER_CPU_SHARED_ALIGNED -leading to section mismatch warnings. - -Use DEFINE_PER_CPU_PAGE_ALIGNED consistently. This is necessary because -it's mapped to the cpu entry area and must be page aligned. - -[ tglx: Massaged changelog a bit ] - -Fixes: 1a935bc3d4ea ("x86/entry: Move SYSENTER_stack to the beginning of struct tss_struct") -Suggested-by: Thomas Gleixner -Signed-off-by: Nick Desaulniers -Signed-off-by: Thomas Gleixner -Cc: thomas.lendacky@amd.com -Cc: Borislav Petkov -Cc: tklauser@distanz.ch -Cc: minipli@googlemail.com -Cc: me@kylehuey.com -Cc: namit@vmware.com -Cc: luto@kernel.org -Cc: jpoimboe@redhat.com -Cc: tj@kernel.org -Cc: cl@linux.com -Cc: bp@suse.de -Cc: thgarnie@google.com -Cc: kirill.shutemov@linux.intel.com -Cc: stable@vger.kernel.org -Link: https://lkml.kernel.org/r/20180103203954.183360-1-ndesaulniers@google.com ---- - arch/x86/kernel/process.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index 517415978409..3cb2486c47e4 100644 ---- a/arch/x86/kernel/process.c -+++ b/arch/x86/kernel/process.c -@@ -47,7 +47,7 @@ - * section. Since TSS's are completely CPU-local, we want them - * on exact cacheline boundaries, to eliminate cacheline ping-pong. - */ --__visible DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, cpu_tss_rw) = { -+__visible DEFINE_PER_CPU_PAGE_ALIGNED(struct tss_struct, cpu_tss_rw) = { - .x86_tss = { - /* - * .sp0 is only used when entering ring 0 from a lower --- -2.14.1 - 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0014-x86-tlb-Drop-the-_GPL-from-the-cpu_tlbstate-export.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0010-x86-tlb-Drop-the-_GPL-from-the-cpu_tlbstate-export.patch similarity index 92% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0014-x86-tlb-Drop-the-_GPL-from-the-cpu_tlbstate-export.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0010-x86-tlb-Drop-the-_GPL-from-the-cpu_tlbstate-export.patch index 53556f6494..d3244a156c 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0014-x86-tlb-Drop-the-_GPL-from-the-cpu_tlbstate-export.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0010-x86-tlb-Drop-the-_GPL-from-the-cpu_tlbstate-export.patch @@ -1,7 +1,7 @@ -From 0c74b4e882fce4f634177a45e704ddae82b90bbd Mon Sep 17 00:00:00 2001 +From 7f13b5ed9cf52b63f3bff4587a983b9b5dbdf3ce Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Thu, 4 Jan 2018 22:19:04 +0100 -Subject: [PATCH 14/14] x86/tlb: Drop the _GPL from the cpu_tlbstate export +Subject: [PATCH 10/10] x86/tlb: Drop the _GPL from the cpu_tlbstate export The recent changes for PTI touch cpu_tlbstate from various tlb_flush inlines. cpu_tlbstate is exported as GPL symbol, so this causes a