Linux 7.1 Lands Workaround For Arm C1-Pro Erratum
([Arm] 5 Hours Ago
C1-Pro Bug)
- Reference: 0001628565
- News link: https://www.phoronix.com/news/Linux-7.1-Arm-C1-Pro-Fix
- Source link:
Merged yesterday to the Linux 7.1 kernel is a workaround for an Arm C1-Pro CPU hardware bug around its Scalable Matrix Extension implementation.
Back in September [1]Arm announced the C1 CPUs with the C1-Pro being their new high-end core but a step below the C1-Ultra and C1-Premium.
The C1-Pro hardware bug is where under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to Scalable Matrix Extensions (SME). The bug was made public in March and now is patched in Linux 7.1 and is also working on being back-ported to other stable versions of the Linux kernel.
[2]This patch series further elaborates on the hardware erratum and the Linux workaround:
"Arm C1-Pro prior to r1p3 has an erratum (4193714) where a TLBI+DSB sequence might fail to ensure the completion of all outstanding SME (Scalable Matrix Extension) memory accesses. The DVMSync message is acknowledged before the SME accesses have fully completed, potentially allowing pages to be reused before all in-flight accesses are done.
The workaround consists of executing a DSB locally (via IPI) on all affected CPUs running with SME enabled, after the TLB invalidation. This ensures the SME accesses have completed before the IPI is acknowledged."
The issue is also tracked as CVE-2026-0995.
The workaround can be controlled via the new ARM64_ERRATUM_4193714 Kconfig option. With [3]this merge of the latest ARM64 updates, the Arm C1-Pro erratum workaround is in place.
[1] https://www.phoronix.com/news/Arm-Lumex-Platform-C1
[2] https://lore.kernel.org/all/20260302165801.3014607-1-catalin.marinas@arm.com/
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13f24586a292e35c9cc71e649dc4e4ea1895c5e5
Back in September [1]Arm announced the C1 CPUs with the C1-Pro being their new high-end core but a step below the C1-Ultra and C1-Premium.
The C1-Pro hardware bug is where under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to Scalable Matrix Extensions (SME). The bug was made public in March and now is patched in Linux 7.1 and is also working on being back-ported to other stable versions of the Linux kernel.
[2]This patch series further elaborates on the hardware erratum and the Linux workaround:
"Arm C1-Pro prior to r1p3 has an erratum (4193714) where a TLBI+DSB sequence might fail to ensure the completion of all outstanding SME (Scalable Matrix Extension) memory accesses. The DVMSync message is acknowledged before the SME accesses have fully completed, potentially allowing pages to be reused before all in-flight accesses are done.
The workaround consists of executing a DSB locally (via IPI) on all affected CPUs running with SME enabled, after the TLB invalidation. This ensures the SME accesses have completed before the IPI is acknowledged."
The issue is also tracked as CVE-2026-0995.
The workaround can be controlled via the new ARM64_ERRATUM_4193714 Kconfig option. With [3]this merge of the latest ARM64 updates, the Arm C1-Pro erratum workaround is in place.
[1] https://www.phoronix.com/news/Arm-Lumex-Platform-C1
[2] https://lore.kernel.org/all/20260302165801.3014607-1-catalin.marinas@arm.com/
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13f24586a292e35c9cc71e649dc4e4ea1895c5e5