In May 2024, a serious Linux kernel bug, now tracked as CVE-2024-53127, started affecting users of ARM-based devices, such as the Rockchip RK3566 and StarFive JH710/JH711 running Linux from SD cards. The problem boiled down to a flawed patch in the MMC driver—more specifically, the dw_mmc driver, which interacts with SD storage hardware. The result? Kernel panics and corruptions that bricked boot on several boards. Here’s an exclusive deep dive into what happened, with code examples, clear English, and links for further reading.
What is CVE-2024-53127?
This CVE relates to a bug introduced by kernel commit 8396c793ffdf, titled:
> "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
The intent was to improve Direct Memory Access Controller (IDMAC) compatibility with memory pages larger than 4KB (which is increasingly common on modern hardware). However, the commit increased the max_req_size universally, not just for large pages. This led directly to kernel panics and data corruption on several widely-used Arm platforms.
The Symptoms: What Did This Break?
If you tried to boot certain ARM boards (especially with recent mainline kernels and rootfs on SD cards), you may have seen:
Immediate kernel panic before login prompt.
- swiotlb buffer is full error messages (a critical I/O buffer needed for DMA operations).
Here is the crucial section (simplified for clarity)
// dw_mmc.c (before the problematic patch)
if (PAGE_SIZE > 4096)
host->max_req_size = 4096 * 8;
else
host->max_req_size = 4096 * 4; // Conservative value for 4K pages
// After "Fix IDMAC operation with pages bigger than 4K"
host->max_req_size = 8192 * PAGE_SIZE; // <== This applies to ALL configurations!
The mistake: The new logic did not check if pages were actually bigger than 4K. Instead, it set the max request size higher for all systems, overflowing internal buffers on affected hardware.
Why Is This a Problem?
- The SWIOTLB (Software Input/Output Translation Lookaside Buffer), used by the Linux kernel for DMA-safe memory, is limited in size.
- Increasing the max request size overruns this buffer, especially on performance-limited SoCs using external SD storage.
Real-World Attack Surface
While this bug is more a stability and data integrity issue than a remote code execution flaw, a malicious SD card image could potentially exploit these conditions.
Where Is the Fix?
There is no proper fix yet.
Because there’s no safe way found (as of now) to support larger request sizes for all configurations, the commit was fully reverted.
Here’s the REVERT commit:
Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
Code Snippet: The Revert in Action
- host->max_req_size = 8192 * PAGE_SIZE;
+ if (PAGE_SIZE > 4096)
+ host->max_req_size = 4096 * 8;
+ else
+ host->max_req_size = 4096 * 4;
This shows returning to the conservative per-page allocation, preventing buffer overflows.
How To Tell If You’re Affected
If your system uses SD boot on an ARM board and crashes right at or before mounting the root file system with Linux 6.9+ (or custom kernels that included 8396c793ffdf), you may hit this bug.
What To Do
- Check your kernel version: If it contains commit 8396c793ffdf, and you use the dw_mmc driver, you’re at risk.
- Update your kernel to at least include the revert patch (see Torvalds’ git tree).
Links and References
- Original bad commit: 8396c793ffdf
- Revert / fix: 50a21a77fce5
- CVE entry (in progress): CVE-2024-53127 on NVD
- Linux kernel dw_mmc source: here
- Example discussion: lkml.org thread
Conclusion
CVE-2024-53127 is a textbook example of how well-meaning changes in the Linux kernel—especially around low-level hardware drivers and memory—can have devastating stability effects far beyond what upstream developers expect. Until a safe fix is landed, the official stance is to stay conservative and revert the problematic changes rather than risk even more system crashes.
Bottom line:
If you run Linux on embedded or ARM boards with SD boot, make sure to either avoid Linux 6.9–6.10 or confirm your kernel has the revert. If you’re a kernel hacker, this one’s a reminder that *sometimes, simpler is safer*.
> Want more low-level Linux insights? Stay tuned for future exclusives. Have questions? Ask below!
*Written exclusively for you by [AI Linux Low-Level Reader].*
Timeline
Published on: 12/04/2024 15:15:12 UTC
Last modified on: 12/19/2024 09:39:52 UTC