From d0d7738efac6127263827f60b65e22eb34264ee4 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer <rolf.neugebauer@docker.com>
Date: Thu, 8 Feb 2018 11:27:04 +0000
Subject: [PATCH 1/3] kernel: Tighten patching of the kernel

- Disable any fuzzing. Patches should apply cleanly
- Assume unified diffs

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
---
 kernel/Dockerfile         | 3 ++-
 kernel/Dockerfile.kconfig | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/kernel/Dockerfile b/kernel/Dockerfile
index f0df45c78..73225e549 100644
--- a/kernel/Dockerfile
+++ b/kernel/Dockerfile
@@ -21,6 +21,7 @@ RUN apk add \
     mpc1-dev \
     mpfr-dev \
     ncurses-dev \
+    patch \
     sed \
     squashfs-tools \
     tar \
@@ -67,7 +68,7 @@ RUN set -e && \
     if [ -d /patches-${KERNEL_SERIES} ]; then \
         for patch in /patches-${KERNEL_SERIES}/*.patch; do \
             echo "Applying $patch"; \
-            patch -p1 < "$patch"; \
+            patch -t -F0 -N -u -p1 < "$patch"; \
         done; \
     fi
 
diff --git a/kernel/Dockerfile.kconfig b/kernel/Dockerfile.kconfig
index 9ba3fdc46..163485b75 100644
--- a/kernel/Dockerfile.kconfig
+++ b/kernel/Dockerfile.kconfig
@@ -6,6 +6,7 @@ RUN apk add \
     diffutils \
     libarchive-tools \
     ncurses-dev \
+    patch \
     xz
 
 ARG KERNEL_VERSIONS
@@ -30,7 +31,7 @@ RUN set -e && \
             if [ -d /patches-${SERIES} ]; then \
                for patch in /patches-${SERIES}/*.patch; do \
                    echo "Applying $patch" && \
-                   patch -p1 < "$patch"; \
+                   patch -t -F0 -N -u -p1 < "$patch"; \
                done; \
             fi && \
         mv /config-${SERIES}-x86_64 arch/x86/configs/x86_64_defconfig && \

From acfca2603860f8a145c3582ec221de0b94a30116 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer <rolf.neugebauer@docker.com>
Date: Thu, 8 Feb 2018 11:32:53 +0000
Subject: [PATCH 2/3] kernel: Update to 4.15.2/4.14.18

These kernels have significant changes/addition for Spectre
mitigation as well as the usual other set of fixes.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
---
 kernel/Makefile                                             | 6 +++---
 kernel/config-4.14.x-aarch64                                | 2 +-
 kernel/config-4.14.x-x86_64                                 | 2 +-
 kernel/config-4.15.x-aarch64                                | 2 +-
 kernel/config-4.15.x-x86_64                                 | 2 +-
 ...DIMM-reducded-ND_MIN_NAMESPACE_SIZE-from-4MB-to-4K.patch | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/kernel/Makefile b/kernel/Makefile
index 63977171b..8b0c93639 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -204,9 +204,9 @@ endef
 # Build Targets
 # Debug targets only for latest stable and LTS stable
 #
-$(eval $(call kernel,4.15.1,4.15.x,$(EXTRA)))
-$(eval $(call kernel,4.14.17,4.14.x,$(EXTRA)))
-$(eval $(call kernel,4.14.17,4.14.x,-dbg))
+$(eval $(call kernel,4.15.2,4.15.x,$(EXTRA)))
+$(eval $(call kernel,4.14.18,4.14.x,$(EXTRA)))
+$(eval $(call kernel,4.14.18,4.14.x,-dbg))
 $(eval $(call kernel,4.9.80,4.9.x,$(EXTRA)))
 $(eval $(call kernel,4.9.80,4.9.x,-dbg))
 $(eval $(call kernel,4.4.115,4.4.x,$(EXTRA)))
diff --git a/kernel/config-4.14.x-aarch64 b/kernel/config-4.14.x-aarch64
index d95737019..ce9e01144 100644
--- a/kernel/config-4.14.x-aarch64
+++ b/kernel/config-4.14.x-aarch64
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm64 4.14.17 Kernel Configuration
+# Linux/arm64 4.14.18 Kernel Configuration
 #
 CONFIG_ARM64=y
 CONFIG_64BIT=y
diff --git a/kernel/config-4.14.x-x86_64 b/kernel/config-4.14.x-x86_64
index a856933f8..cd68159c9 100644
--- a/kernel/config-4.14.x-x86_64
+++ b/kernel/config-4.14.x-x86_64
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.17 Kernel Configuration
+# Linux/x86 4.14.18 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
diff --git a/kernel/config-4.15.x-aarch64 b/kernel/config-4.15.x-aarch64
index e3a67c00a..e2c64199e 100644
--- a/kernel/config-4.15.x-aarch64
+++ b/kernel/config-4.15.x-aarch64
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm64 4.15.1 Kernel Configuration
+# Linux/arm64 4.15.2 Kernel Configuration
 #
 CONFIG_ARM64=y
 CONFIG_64BIT=y
diff --git a/kernel/config-4.15.x-x86_64 b/kernel/config-4.15.x-x86_64
index 972c9d017..0b8428131 100644
--- a/kernel/config-4.15.x-x86_64
+++ b/kernel/config-4.15.x-x86_64
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.15.1 Kernel Configuration
+# Linux/x86 4.15.2 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
diff --git a/kernel/patches-4.14.x/0001-NVDIMM-reducded-ND_MIN_NAMESPACE_SIZE-from-4MB-to-4K.patch b/kernel/patches-4.14.x/0001-NVDIMM-reducded-ND_MIN_NAMESPACE_SIZE-from-4MB-to-4K.patch
index 6f18b9b31..bb4e18d89 100644
--- a/kernel/patches-4.14.x/0001-NVDIMM-reducded-ND_MIN_NAMESPACE_SIZE-from-4MB-to-4K.patch
+++ b/kernel/patches-4.14.x/0001-NVDIMM-reducded-ND_MIN_NAMESPACE_SIZE-from-4MB-to-4K.patch
@@ -1,4 +1,4 @@
-From a629d501c42e00b7c1e37ab8d8f32e303cd89f7a Mon Sep 17 00:00:00 2001
+From 68f097990b84f65ddf63e483f59f7a33810dbeda Mon Sep 17 00:00:00 2001
 From: Cheng-mean Liu <soccerl@microsoft.com>
 Date: Tue, 11 Jul 2017 16:58:26 -0700
 Subject: [PATCH] NVDIMM: reducded ND_MIN_NAMESPACE_SIZE from 4MB to 4KB (page

From 8fd2e73cc687bcae8996cd9f3e60a563f35b74d0 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer <rolf.neugebauer@docker.com>
Date: Thu, 8 Feb 2018 14:09:56 +0000
Subject: [PATCH 3/3] Update YAMLs to latest kernels

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
---
 test/cases/020_kernel/006_config_4.14.x/test.yml                | 2 +-
 test/cases/020_kernel/007_config_4.15.x/test.yml                | 2 +-
 test/cases/020_kernel/016_kmod_4.14.x/Dockerfile                | 2 +-
 test/cases/020_kernel/016_kmod_4.14.x/test.yml                  | 2 +-
 test/cases/020_kernel/017_kmod_4.15.x/Dockerfile                | 2 +-
 test/cases/020_kernel/017_kmod_4.15.x/test.yml                  | 2 +-
 .../cases/020_kernel/110_namespace/006_kernel-4.14.x/common.yml | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/test/cases/020_kernel/006_config_4.14.x/test.yml b/test/cases/020_kernel/006_config_4.14.x/test.yml
index 6a1fe8020..662b19c28 100644
--- a/test/cases/020_kernel/006_config_4.14.x/test.yml
+++ b/test/cases/020_kernel/006_config_4.14.x/test.yml
@@ -1,5 +1,5 @@
 kernel:
-  image: linuxkit/kernel:4.14.17
+  image: linuxkit/kernel:4.14.18
   cmdline: "console=ttyS0 console=ttyAMA0"
 init:
   - linuxkit/init:6061875ba11fd9c563fda6234b103ed9997ff782
diff --git a/test/cases/020_kernel/007_config_4.15.x/test.yml b/test/cases/020_kernel/007_config_4.15.x/test.yml
index 73dde696d..b4de358d5 100644
--- a/test/cases/020_kernel/007_config_4.15.x/test.yml
+++ b/test/cases/020_kernel/007_config_4.15.x/test.yml
@@ -1,5 +1,5 @@
 kernel:
-  image: linuxkit/kernel:4.15.1
+  image: linuxkit/kernel:4.15.2
   cmdline: "console=ttyS0 console=ttyAMA0"
 init:
   - linuxkit/init:6061875ba11fd9c563fda6234b103ed9997ff782
diff --git a/test/cases/020_kernel/016_kmod_4.14.x/Dockerfile b/test/cases/020_kernel/016_kmod_4.14.x/Dockerfile
index 29792d6b7..4e630c21d 100644
--- a/test/cases/020_kernel/016_kmod_4.14.x/Dockerfile
+++ b/test/cases/020_kernel/016_kmod_4.14.x/Dockerfile
@@ -3,7 +3,7 @@
 # In the last stage, it creates a package, which can be used for
 # testing.
 
-FROM linuxkit/kernel:4.14.17 AS ksrc
+FROM linuxkit/kernel:4.14.18 AS ksrc
 
 # Extract headers and compile module
 FROM linuxkit/alpine:d307c8a386fa3f32cddda9409b9687e191cdd6f1 AS build
diff --git a/test/cases/020_kernel/016_kmod_4.14.x/test.yml b/test/cases/020_kernel/016_kmod_4.14.x/test.yml
index 6f80ad18f..57d9d34e9 100644
--- a/test/cases/020_kernel/016_kmod_4.14.x/test.yml
+++ b/test/cases/020_kernel/016_kmod_4.14.x/test.yml
@@ -1,5 +1,5 @@
 kernel:
-  image: linuxkit/kernel:4.14.17
+  image: linuxkit/kernel:4.14.18
   cmdline: "console=ttyS0 console=ttyAMA0"
 init:
   - linuxkit/init:6061875ba11fd9c563fda6234b103ed9997ff782
diff --git a/test/cases/020_kernel/017_kmod_4.15.x/Dockerfile b/test/cases/020_kernel/017_kmod_4.15.x/Dockerfile
index bef130041..183bc429e 100644
--- a/test/cases/020_kernel/017_kmod_4.15.x/Dockerfile
+++ b/test/cases/020_kernel/017_kmod_4.15.x/Dockerfile
@@ -3,7 +3,7 @@
 # In the last stage, it creates a package, which can be used for
 # testing.
 
-FROM linuxkit/kernel:4.15.1 AS ksrc
+FROM linuxkit/kernel:4.15.2 AS ksrc
 
 # Extract headers and compile module
 FROM linuxkit/alpine:d307c8a386fa3f32cddda9409b9687e191cdd6f1 AS build
diff --git a/test/cases/020_kernel/017_kmod_4.15.x/test.yml b/test/cases/020_kernel/017_kmod_4.15.x/test.yml
index 23b6b9385..8801c65b0 100644
--- a/test/cases/020_kernel/017_kmod_4.15.x/test.yml
+++ b/test/cases/020_kernel/017_kmod_4.15.x/test.yml
@@ -1,5 +1,5 @@
 kernel:
-  image: linuxkit/kernel:4.15.1
+  image: linuxkit/kernel:4.15.2
   cmdline: "console=ttyS0 console=ttyAMA0"
 init:
   - linuxkit/init:6061875ba11fd9c563fda6234b103ed9997ff782
diff --git a/test/cases/020_kernel/110_namespace/006_kernel-4.14.x/common.yml b/test/cases/020_kernel/110_namespace/006_kernel-4.14.x/common.yml
index 8bec8def6..5995d6b4f 100644
--- a/test/cases/020_kernel/110_namespace/006_kernel-4.14.x/common.yml
+++ b/test/cases/020_kernel/110_namespace/006_kernel-4.14.x/common.yml
@@ -1,5 +1,5 @@
 kernel:
-  image: linuxkit/kernel:4.14.17
+  image: linuxkit/kernel:4.14.18
   cmdline: "console=ttyS0 console=ttyAMA0"
 init:
   - linuxkit/init:6061875ba11fd9c563fda6234b103ed9997ff782