tipc: use kfree_sensitive() for session key material

The rx->skey field contains a struct tipc_aead_key with GCM-AES
encryption keys used for TIPC cluster communication. Using plain
kfree() leaves this sensitive key material in freed memory pages
where it could potentially be recovered.

Switch to kfree_sensitive() to ensure the key material is zeroed
before the memory is freed.

Fixes: 1ef6f7c9390f ("tipc: add automatic session key exchange")
Signed-off-by: Daniel Hodges <hodgesd@meta.com>
Link: https://patch.msgid.link/20260131180114.2121438-1-hodgesd@meta.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/tipc/crypto.c b/net/tipc/crypto.c
index 751904f10aab000f94256371aa537dca7ec91101..970db62bd029b222269a0e00a4045adf844e1a67 100644 (file)
--- a/net/tipc/crypto.c
+++ b/net/tipc/crypto.c
@@ -1219,7 +1219,7 @@ void tipc_crypto_key_flush(struct tipc_crypto *c)
                rx = c;
                tx = tipc_net(rx->net)->crypto_tx;
                if (cancel_delayed_work(&rx->work)) {
-                       kfree(rx->skey);
+                       kfree_sensitive(rx->skey);
                        rx->skey = NULL;
                        atomic_xchg(&rx->key_distr, 0);
                        tipc_node_put(rx->node);
@@ -2394,7 +2394,7 @@ static void tipc_crypto_work_rx(struct work_struct *work)
                        break;
                default:
                        synchronize_rcu();
-                       kfree(rx->skey);
+                       kfree_sensitive(rx->skey);
                        rx->skey = NULL;
                        break;
                }