Linux Kernel parisc Data TLB Cache Flush Fault Vulnerability

A vulnerability in the Linux kernel for parisc architecture has been addressed, concerning non-access data TLB cache flush faults. When a page is absent, the fdc and fic instructions in flush_user_dcache_range_asm and flush_user_icache_range_asm trigger non-access data TLB faults. These faults prevent the proper invalidation of cache lines, potentially leading to memory corruption. The issue, which also degrades performance—causing 32 faults per 4 KB page on pa8800/pa8900 processors—was resolved by modifying the flush instructions to use flush_cache_pages(), which employs a temporary alias mapping. However, the initial implementation of flush_cache_pages() in flush_cache_range() was overly broad, flushing a range that was too large.

Impact

Failure to properly flush the data TLB cache can result in memory corruption, as cache lines are not invalidated when pages are absent, allowing stale data to persist.