diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.12.3-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.12.4.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.12.3-r2.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.12.4.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.12.3-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.12.4.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.12.3-r2.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.12.4.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
index 691a81fd4c..ee58da1257 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
@@ -1,2 +1,2 @@
 DIST linux-4.12.tar.xz 99186576 SHA256 a45c3becd4d08ce411c14628a949d08e2433d8cdeca92036c7013980e93858ab SHA512 8e81b41b253e63233e92948941f44c6482acb52aa3a3fd172f03a38a86f2c35b2ad4fd407acd1bc3964673eba344fe104d3a03e3ff4bf9cd1f22bd44263bd728 WHIRLPOOL 3b97da251c2ba4ace4a27b708f2b1dcf94cb1b59aaeded6acb74bd98f0d3e33f1df83670665e4186d99a55daa84c88d539d93e20f0ff18a6d46ef326c48dd375
-DIST patch-4.12.3.xz 39028 SHA256 13ad942e5144acafb849942c320aa6ab887cd2ffbba033c622f7a88eb2c32143 SHA512 a6ace68b6387665a1f77420b415a72032465fae6d99ec409487765ecf7cfb8a8458fe09f844662249f14e5739db3f82b28cdac705b0d54d4c6e268719d350c0d WHIRLPOOL 22f55a9609c444f5ef287076122075ea47a5382f30cb080146198430c98d9216d5ff5ddb4d2002988a00a832870e0fe961b38cc24034e984b031ce2064cfdf95
+DIST patch-4.12.4.xz 98592 SHA256 7cabddeaba0f9bd85278254ddd6e8af883539df70ec0ed1bda18ce83f57b304a SHA512 8a6b72524050733c166524230d85f808275a65c28f06444350ebb8c64dd4cab666f8629ef1d1d2b6c25c1f36820a1fd114510af5a38509df55f9c3071543e647 WHIRLPOOL 46d6e9dd62209fd8b1a3b1dfa9d97f15598e88f4ff4ce3126252fe2e8b108061a50772a9deb752cf06d839eeca4b089a893d666f9ef3e2f576b2f1b795af6656
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.12.3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.12.4.ebuild
similarity index 97%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.12.3.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.12.4.ebuild
index 8d1c06c3c6..bf53ea4859 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.12.3.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.12.4.ebuild
@@ -44,5 +44,5 @@ UNIPATCH_LIST="
 	${PATCH_DIR}/z0022-Lock-down-TIOCSSERIAL.patch \
 	${PATCH_DIR}/z0023-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
 	${PATCH_DIR}/z0024-Add-arm64-coreos-verity-hash.patch \
-	${PATCH_DIR}/z0025-vmbus-re-enable-channel-tasklet.patch \
+	${PATCH_DIR}/z0025-bonding-commit-link-status-change-after-propose.patch \
 "
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0001-efi-Add-EFI_SECURE_BOOT-bit.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0001-efi-Add-EFI_SECURE_BOOT-bit.patch
index cefe6ef64f..bbd71d5800 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0001-efi-Add-EFI_SECURE_BOOT-bit.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0001-efi-Add-EFI_SECURE_BOOT-bit.patch
@@ -1,4 +1,4 @@
-From 5d06f19096c5f51365b1f51de408a584f92e57cc Mon Sep 17 00:00:00 2001
+From 8bc2cecfd74015c23051dc35f2923cd05767b51a Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Mon, 21 Nov 2016 23:55:55 +0000
 Subject: [PATCH 01/25] efi: Add EFI_SECURE_BOOT bit
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0002-Add-the-ability-to-lock-down-access-to-the-running-k.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0002-Add-the-ability-to-lock-down-access-to-the-running-k.patch
index b9801e782a..70219d7394 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0002-Add-the-ability-to-lock-down-access-to-the-running-k.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0002-Add-the-ability-to-lock-down-access-to-the-running-k.patch
@@ -1,4 +1,4 @@
-From e6f64a69118565e024b275ed1d9e6775ef58c503 Mon Sep 17 00:00:00 2001
+From 9f93a1ebd276e37181a80ffec89568e88a1ddaaa Mon Sep 17 00:00:00 2001
 From: David Howells <dhowells@redhat.com>
 Date: Mon, 21 Nov 2016 23:36:17 +0000
 Subject: [PATCH 02/25] Add the ability to lock down access to the running
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
index a40c0b51de..01b99b0d6f 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
@@ -1,4 +1,4 @@
-From bcf0fd7548cecd0dc3c78402b6238f50b2fd98d1 Mon Sep 17 00:00:00 2001
+From 2c1331c4ba6e6df752e4c7068d84dc6d5bd1eba6 Mon Sep 17 00:00:00 2001
 From: David Howells <dhowells@redhat.com>
 Date: Mon, 21 Nov 2016 23:55:55 +0000
 Subject: [PATCH 03/25] efi: Lock down the kernel if booted in secure boot mode
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
index 2ce2bd7bfb..a2ec4d936f 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
@@ -1,4 +1,4 @@
-From d0837577b797e57373f78b634f5b9a3e7852a232 Mon Sep 17 00:00:00 2001
+From 6080dd6abf77372d59d4b7b1f56fa0fa0cee8fe9 Mon Sep 17 00:00:00 2001
 From: David Howells <dhowells@redhat.com>
 Date: Wed, 23 Nov 2016 13:22:22 +0000
 Subject: [PATCH 04/25] Enforce module signatures if the kernel is locked down
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0005-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0005-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
index b8276ff50b..879d30c792 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0005-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0005-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
@@ -1,4 +1,4 @@
-From dc109b02e160750393cc042882ff622620941ef6 Mon Sep 17 00:00:00 2001
+From 964b821d7a5f54197ef6d41d41da58a051ad0ffc Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Tue, 22 Nov 2016 08:46:16 +0000
 Subject: [PATCH 05/25] Restrict /dev/mem and /dev/kmem when the kernel is
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
index 5600ad5376..a9549aec66 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
@@ -1,4 +1,4 @@
-From df2d85f3b0b91569e14f21ccb0c444c1dd0b96a6 Mon Sep 17 00:00:00 2001
+From 9fe3ac82c10eb3bcc3a9c0a9dd797862a8aeb6d1 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Tue, 22 Nov 2016 08:46:15 +0000
 Subject: [PATCH 06/25] kexec: Disable at runtime if the kernel is locked down
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
index dba447bcf1..386ba7965c 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
@@ -1,4 +1,4 @@
-From 9b8ca8f7013bcd0015ca2cf6cb72497f063983e7 Mon Sep 17 00:00:00 2001
+From 10c1542768bc3ff9f655da4315401065c600ea8b Mon Sep 17 00:00:00 2001
 From: Dave Young <dyoung@redhat.com>
 Date: Tue, 22 Nov 2016 08:46:15 +0000
 Subject: [PATCH 07/25] Copy secure_boot flag in boot params across kexec
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0008-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0008-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
index f48d43692a..050cf5da8e 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0008-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0008-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
@@ -1,4 +1,4 @@
-From 65c7f9c24804325e8c64b0d79a3e9344fba64ca8 Mon Sep 17 00:00:00 2001
+From 477e5612e6446d3b1df9ed49efee42d319721e74 Mon Sep 17 00:00:00 2001
 From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
 Date: Wed, 23 Nov 2016 13:49:19 +0000
 Subject: [PATCH 08/25] kexec_file: Disable at runtime if securelevel has been
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0009-hibernate-Disable-when-the-kernel-is-locked-down.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0009-hibernate-Disable-when-the-kernel-is-locked-down.patch
index e02262a3c5..ead2a9464a 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0009-hibernate-Disable-when-the-kernel-is-locked-down.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0009-hibernate-Disable-when-the-kernel-is-locked-down.patch
@@ -1,4 +1,4 @@
-From bf3f6dabab017df210355ab11b6522e08aad8b38 Mon Sep 17 00:00:00 2001
+From ef8d6a280865af7b555327c33543f8b1ebb23902 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 22 Nov 2016 08:46:15 +0000
 Subject: [PATCH 09/25] hibernate: Disable when the kernel is locked down
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch
index 2a4512c43b..4ae8c8fc41 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch
@@ -1,4 +1,4 @@
-From 3eec411173fce08deee532638d9c229b5b03b76e Mon Sep 17 00:00:00 2001
+From c2cf47ce26f820f0c9d3ad6112b179c6c884e415 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <mjg59@srcf.ucam.org>
 Date: Wed, 23 Nov 2016 13:28:17 +0000
 Subject: [PATCH 10/25] uswsusp: Disable when the kernel is locked down
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
index 392faed398..d6debc57d8 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
@@ -1,4 +1,4 @@
-From 4a2f6e5e4791719317b13fd99377626a522e41ba Mon Sep 17 00:00:00 2001
+From a8175632e2d54fff6093cc5793d257b1968b8bf8 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Tue, 22 Nov 2016 08:46:15 +0000
 Subject: [PATCH 11/25] PCI: Lock down BAR access when the kernel is locked
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
index 332e0d5d66..7a020eb3d8 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
@@ -1,4 +1,4 @@
-From 53df2265b3cd221a519ee91b843021762363210d Mon Sep 17 00:00:00 2001
+From df08e412dc65f840fd2f17a38ca90e3c41bd39e0 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Tue, 22 Nov 2016 08:46:16 +0000
 Subject: [PATCH 12/25] x86: Lock down IO port access when the kernel is locked
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0013-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0013-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
index d268764a98..1f69cad8f5 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0013-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0013-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
@@ -1,4 +1,4 @@
-From 52bf4a02f1adb42399c3110ddcbbe64e4e21a00b Mon Sep 17 00:00:00 2001
+From acce1508e26594ecc21c388f57390cde3fbae4d9 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Tue, 22 Nov 2016 08:46:17 +0000
 Subject: [PATCH 13/25] x86: Restrict MSR access when the kernel is locked down
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
index 627dab35a3..1a4cb01b7d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
@@ -1,4 +1,4 @@
-From 96e01270c809608206a4647607ede4363a358fb7 Mon Sep 17 00:00:00 2001
+From 7d73bb9bb6c50eaeb32dd6cb1f11f4ab815384df Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Tue, 22 Nov 2016 08:46:16 +0000
 Subject: [PATCH 14/25] asus-wmi: Restrict debugfs interface when the kernel is
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
index c4ad26d4ca..5d62e9ec09 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
@@ -1,4 +1,4 @@
-From 9f4d3e5e9ce38e4a119ef709e46e03952914c168 Mon Sep 17 00:00:00 2001
+From f4dde9c46875e6b5c0bde36af5888b8096398e7e Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Tue, 22 Nov 2016 08:46:16 +0000
 Subject: [PATCH 15/25] ACPI: Limit access to custom_method when the kernel is
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
index 9575e35e3a..439da2be06 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
@@ -1,4 +1,4 @@
-From 6a2dc082f6443bb00dcae4cd35950d998e14249c Mon Sep 17 00:00:00 2001
+From ede9a80c123614264dbf20f3e4f98ac6c9553930 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@redhat.com>
 Date: Tue, 22 Nov 2016 08:46:16 +0000
 Subject: [PATCH 16/25] acpi: Ignore acpi_rsdp kernel param when the kernel has
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
index 821f6c7831..33e47744a6 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
@@ -1,4 +1,4 @@
-From b3bfbcc6a208ea30f2964afb89417d930a00f179 Mon Sep 17 00:00:00 2001
+From d785b547deba4fcd1c84124a0093afd23103f134 Mon Sep 17 00:00:00 2001
 From: Linn Crosetto <linn@hpe.com>
 Date: Wed, 23 Nov 2016 13:32:27 +0000
 Subject: [PATCH 17/25] acpi: Disable ACPI table override if the kernel is
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
index 79bb9db814..d1684167ca 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
@@ -1,4 +1,4 @@
-From 5c175cceea2513f21c241afb974cdf142174a81e Mon Sep 17 00:00:00 2001
+From ba162f6166b691dd390cff53080574b570f0c1a5 Mon Sep 17 00:00:00 2001
 From: Linn Crosetto <linn@hpe.com>
 Date: Wed, 23 Nov 2016 13:39:41 +0000
 Subject: [PATCH 18/25] acpi: Disable APEI error injection if the kernel is
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0019-bpf-Restrict-kernel-image-access-functions-when-the-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0019-bpf-Restrict-kernel-image-access-functions-when-the-.patch
index ee020d956c..27055bf79b 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0019-bpf-Restrict-kernel-image-access-functions-when-the-.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0019-bpf-Restrict-kernel-image-access-functions-when-the-.patch
@@ -1,4 +1,4 @@
-From 802c4ee62ad250c77eef040fb8704fccf1cb7b05 Mon Sep 17 00:00:00 2001
+From f75cba8e764cc7247b6237c80af6e73b3303aaee Mon Sep 17 00:00:00 2001
 From: "Lee, Chun-Yi" <jlee@suse.com>
 Date: Wed, 23 Nov 2016 13:52:16 +0000
 Subject: [PATCH 19/25] bpf: Restrict kernel image access functions when the
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0020-scsi-Lock-down-the-eata-driver.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0020-scsi-Lock-down-the-eata-driver.patch
index 0b7b4dce5d..0d1dc31938 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0020-scsi-Lock-down-the-eata-driver.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0020-scsi-Lock-down-the-eata-driver.patch
@@ -1,4 +1,4 @@
-From dbccf331f956823c1ebc082200b0596c0e535f77 Mon Sep 17 00:00:00 2001
+From 275c37641a64fdb13c2bf5b7c8c6c240080e7ee8 Mon Sep 17 00:00:00 2001
 From: David Howells <dhowells@redhat.com>
 Date: Tue, 22 Nov 2016 10:10:34 +0000
 Subject: [PATCH 20/25] scsi: Lock down the eata driver
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0021-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0021-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
index 71b88faa74..e5a381de48 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0021-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0021-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
@@ -1,4 +1,4 @@
-From c41923cb22c64f7c4fa04f137b183bc5cb4aa7fe Mon Sep 17 00:00:00 2001
+From ab6c3943aaf0b45b422d77b8ef6e817e33758619 Mon Sep 17 00:00:00 2001
 From: David Howells <dhowells@redhat.com>
 Date: Fri, 25 Nov 2016 14:37:45 +0000
 Subject: [PATCH 21/25] Prohibit PCMCIA CIS storage when the kernel is locked
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0022-Lock-down-TIOCSSERIAL.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0022-Lock-down-TIOCSSERIAL.patch
index 0e46cef158..4d4ef1eccb 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0022-Lock-down-TIOCSSERIAL.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0022-Lock-down-TIOCSSERIAL.patch
@@ -1,4 +1,4 @@
-From 3e584605a23caa6293acaddbad36d566508cc4f0 Mon Sep 17 00:00:00 2001
+From 1fcbe5b939cec829f80dca667f6a1629cd7f8ac8 Mon Sep 17 00:00:00 2001
 From: David Howells <dhowells@redhat.com>
 Date: Wed, 7 Dec 2016 10:28:39 +0000
 Subject: [PATCH 22/25] Lock down TIOCSSERIAL
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0023-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0023-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
index 272bf37ebc..2c1d623339 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0023-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0023-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
@@ -1,4 +1,4 @@
-From dfb8606c4c7fed0cbc2434e79b2a09dbe602887f Mon Sep 17 00:00:00 2001
+From 498ba076f1f149e03dfd9fc4c52741f063d006f6 Mon Sep 17 00:00:00 2001
 From: Vito Caputo <vito.caputo@coreos.com>
 Date: Wed, 25 Nov 2015 02:59:45 -0800
 Subject: [PATCH 23/25] kbuild: derive relative path for KBUILD_SRC from CURDIR
@@ -12,7 +12,7 @@ by some undesirable path component.
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/Makefile b/Makefile
-index f5bbee4..8ad0fb0 100644
+index bfdc92c..2d56a74 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -149,7 +149,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0024-Add-arm64-coreos-verity-hash.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0024-Add-arm64-coreos-verity-hash.patch
index caa8d35adb..a3289c2d7c 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0024-Add-arm64-coreos-verity-hash.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0024-Add-arm64-coreos-verity-hash.patch
@@ -1,4 +1,4 @@
-From f18af56f250933617aeae9cc2b5aeae22e2803c4 Mon Sep 17 00:00:00 2001
+From de896f01efda42dddf52e0362db62d7f26a43b28 Mon Sep 17 00:00:00 2001
 From: Geoff Levand <geoff@infradead.org>
 Date: Fri, 11 Nov 2016 17:28:52 -0800
 Subject: [PATCH 24/25] Add arm64 coreos verity hash
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0025-bonding-commit-link-status-change-after-propose.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0025-bonding-commit-link-status-change-after-propose.patch
new file mode 100644
index 0000000000..b9d55b9418
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0025-bonding-commit-link-status-change-after-propose.patch
@@ -0,0 +1,44 @@
+From 3849236f6d4900e255fea0c609887fc5901f9837 Mon Sep 17 00:00:00 2001
+From: WANG Cong <xiyou.wangcong@gmail.com>
+Date: Tue, 25 Jul 2017 09:44:25 -0700
+Subject: [PATCH 25/25] bonding: commit link status change after propose
+
+Commit de77ecd4ef02 ("bonding: improve link-status update in mii-monitoring")
+moves link status commitment into bond_mii_monitor(), but it still relies
+on the return value of bond_miimon_inspect() as the hint. We need to return
+non-zero as long as we propose a link status change.
+
+Fixes: de77ecd4ef02 ("bonding: improve link-status update in mii-monitoring")
+Reported-by: Benjamin Gilbert <benjamin.gilbert@coreos.com>
+Tested-by: Benjamin Gilbert <benjamin.gilbert@coreos.com>
+Cc: Mahesh Bandewar <maheshb@google.com>
+Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
+Acked-by: Mahesh Bandewar <maheshb@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ drivers/net/bonding/bond_main.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
+index 8ab6bdb..0eab2fd 100644
+--- a/drivers/net/bonding/bond_main.c
++++ b/drivers/net/bonding/bond_main.c
+@@ -2047,6 +2047,7 @@ static int bond_miimon_inspect(struct bonding *bond)
+ 				continue;
+ 
+ 			bond_propose_link_state(slave, BOND_LINK_FAIL);
++			commit++;
+ 			slave->delay = bond->params.downdelay;
+ 			if (slave->delay) {
+ 				netdev_info(bond->dev, "link status down for %sinterface %s, disabling it in %d ms\n",
+@@ -2085,6 +2086,7 @@ static int bond_miimon_inspect(struct bonding *bond)
+ 				continue;
+ 
+ 			bond_propose_link_state(slave, BOND_LINK_BACK);
++			commit++;
+ 			slave->delay = bond->params.updelay;
+ 
+ 			if (slave->delay) {
+-- 
+2.10.2
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0025-vmbus-re-enable-channel-tasklet.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0025-vmbus-re-enable-channel-tasklet.patch
deleted file mode 100644
index 2552e99fb0..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0025-vmbus-re-enable-channel-tasklet.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 7102e64dd2611bdea3782f99ef2ebc4a39d7e657 Mon Sep 17 00:00:00 2001
-From: Stephen Hemminger <stephen@networkplumber.org>
-Date: Sun, 25 Jun 2017 12:47:46 -0700
-Subject: [PATCH 25/25] vmbus: re-enable channel tasklet
-
-This problem shows up in 4.11 when netvsc driver is removed and reloaded.
-The problem is that the channel is closed during module removal and the
-tasklet for processing responses is disabled. When module is reloaded
-the channel is reopened but the tasklet is marked as disabled.
-The fix is to re-enable tasklet at the end of close which gets it back
-to the initial state.
-
-The issue is less urgent in 4.12 since network driver now uses NAPI
-and not the tasklet; and other VMBUS devices are rarely unloaded/reloaded.
-
-Fixes: dad72a1d2844 ("vmbus: remove hv_event_tasklet_disable/enable")
-
-Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
-Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
-Cc: stable@vger.kernel.org
----
- drivers/hv/channel.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
-index 736ac76..3cea121 100644
---- a/drivers/hv/channel.c
-+++ b/drivers/hv/channel.c
-@@ -606,6 +606,8 @@ static int vmbus_close_internal(struct vmbus_channel *channel)
- 		get_order(channel->ringbuffer_pagecount * PAGE_SIZE));
- 
- out:
-+	/* re-enable tasklet for use on re-open */
-+	tasklet_enable(&channel->callback_event);
- 	return ret;
- }
- 
--- 
-2.10.2
-