f2fs: fix to tag gcing flag on page during block migration

Vulnerability

In the Linux kernel's f2fs filesystem, during block migration, the gcing flag was not set on migrated pages. This flag is required to guarantee that migrated data is persisted during checkpoint. Without it, out-of-order persistence between data and node can lead to data corruption after a sudden power-off recovery (SPOR). The issue affects Linux kernel versions prior to the fix commit 7ea0f29d9fd8. A similar issue was previously fixed for file defragmentation in commit 2d1fe8a86bf5.

Exploitation

An attacker with the ability to trigger block migration operations on an f2fs filesystem can exploit this vulnerability. No special privileges beyond normal user access are required to perform the migration. The exploitation sequence involves performing block migration and then causing a sudden power-off. The missing gcing flag results in data and node updates being persisted out of order, leading to corruption upon recovery.

Impact

Successful exploitation leads to data integrity compromise, specifically data corruption after the system recovers from an unexpected power loss. The corruption affects the files stored on the f2fs filesystem. There is no privilege escalation; the impact is limited to integrity and availability of data.

Mitigation

The vulnerability is fixed in the Linux kernel via commit 7ea0f29d9fd8. Users should update to a kernel version that includes this fix. If an immediate update is not possible, avoid performing block migration operations on f2fs filesystems to reduce the risk. No workaround other than patching is available in the provided reference [1].