Linux 4.10, linux4.11, linux4.12 unsupported?


#1

why manjaro setting manager showing Linux4.10, Linux4.11 and Linux 4.12 are unsupported?Screenshot%20from%202018-02-15%2014-20-11


#2

Manjaro is supporting the most current kernel and previous LTS kernels. 4.10, 4.11 and 4.12 are no LTS kernels, therefore they are no longer supported.


#3

those kernels are EOL. that means they receive no updates anymore and thus are unsupported.
You should switch to at least 4.14.


#4

@BS86 what does EOl means?


#5

you must sync mirrors and update. These kernels no longer exits.

sudo pacman-mirrors -call && sudo pacman -Syy

sudo pacman-mirrors -f5 && sudo pacman -Syyu

EOL = END OF LIFE

Edit: Switch to your kernel 4.9, as it is the only supportet you have, what I can see from your screenshot.


#6

I think I should better remove those and install new 4.14 LTS

I am on Linux4.9 and installing new 4.14LTS


#7

Yes, it would be wise. Keep 4.9 LTS and perhaps add 4.15 as well as 4.14. 4.15 gives around the same cpu performance as 4.9 pre the meltdown and spectre fixes being applied.


#8

Good practice to always have at least 2 different kernels installed, if you have issues with one you can try the other. Each kernel installed has a different grub boot menu item.

I have three.

$ mhwd-kernel -li
Currently running: 4.15.3-2-MANJARO (linux415)
The following kernels are installed in your system:
   * linux414
   * linux415
   * linux49

#9

@micsim35 Since you mentioned Meltdown and spectre
How can I make sure that my system is fine and not affected?


#10

Most probably your system will be affected. There is a package in repo you can run to see if your system is vulnerable:

sudo pacman -Ss spectre-meltdown-checker

and once installed run:

sudo spectre-meltdown-checker

Output will be something similar to this:

Spectre and Meltdown mitigation detection tool v0.28

Checking for vulnerabilities against running kernel Linux 4.14.13-1-MANJARO #1 SMP PREEMPT Wed Jan 10 21:11:43 UTC 2018 x86_64
CPU is AMD Ryzen 7 1700 Eight-Core Processor

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO 
> STATUS:  VULNERABLE  (only 21 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  NO 
*   Kernel support for IBRS:  NO 
*   IBRS enabled for Kernel space:  NO 
*   IBRS enabled for User space:  NO 
* Mitigation 2
*   Kernel compiled with retpoline option:  NO 
*   Kernel compiled with a retpoline-aware compiler:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

A false sense of security is worse than no security at all, see --disclaimer

#12

@Phrosgone I think it’s affected.

but How can I fix this?

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 58 stepping 9 ucode 0x1c)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
* Kernel has array_index_mask_nospec:  NO 
* Checking count of LFENCE instructions following a jump in kernel:  NO  (only 2 jump-then-lfence instructions found, should be >= 30 (heuristic))
> STATUS:  VULNERABLE  (Kernel source needs to be patched to mitigate the vulnerability)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO 
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO 
    * IBRS enabled for User space:  NO 
    * IBPB enabled:  NO 
* Mitigation 2
  * Kernel compiled with retpoline option:  YES 
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
  * Retpoline enabled:  YES 
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer


#13

Unfortunately, you can do nothing except keep your system up-to-date with the latest updates. If patches are available, they will make it to the repos very quickly. You can read this topic Kernel Page-Table Isolation (KPTI) - severe ARM + Intel CPU bug, hits partly AMD, it has a lot of information about Spectre and Meltdown.


#14

another way to check with kernel 4.14 and above

grep . /sys/devices/system/cpu/vulnerabilities/*

#15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.