nvme-fabrics: use kfree_sensitive() for DHCHAP secrets
authorDaniel Hodges <hodgesd@meta.com>
Sun, 1 Feb 2026 03:08:40 +0000 (19:08 -0800)
committerKeith Busch <kbusch@kernel.org>
Mon, 2 Feb 2026 16:06:33 +0000 (08:06 -0800)
The DHCHAP secrets (dhchap_secret and dhchap_ctrl_secret) contain
authentication key material for NVMe-oF. Use kfree_sensitive() instead
of kfree() in nvmf_free_options() to ensure secrets are zeroed before
the memory is freed, preventing recovery from freed pages.

Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Daniel Hodges <hodgesd@meta.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
drivers/nvme/host/fabrics.c

index 55a8afd2efd50306a9fb90945ab7308954f397d0..d37cb140d83232e858485a25c390931d1e1b30f9 100644 (file)
@@ -1290,8 +1290,8 @@ void nvmf_free_options(struct nvmf_ctrl_options *opts)
        kfree(opts->subsysnqn);
        kfree(opts->host_traddr);
        kfree(opts->host_iface);
-       kfree(opts->dhchap_secret);
-       kfree(opts->dhchap_ctrl_secret);
+       kfree_sensitive(opts->dhchap_secret);
+       kfree_sensitive(opts->dhchap_ctrl_secret);
        kfree(opts);
 }
 EXPORT_SYMBOL_GPL(nvmf_free_options);
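Review bot: The two `kfree_sensitive()` calls only zero the secrets on the final teardown in nvmf_free_options(). Any other path that frees, replaces or duplicates `opts->dhchap_secret` or `opts->dhchap_ctrl_secret` with plain `kfree()` would still leave key bytes in freed memory; none of those paths is visible in this hunk, but an option given twice during parsing or a copy held by the auth state would be the places to audit. It would also help to record the intent so a later cleanup does not turn these back into `kfree()`, for example `/* DH-CHAP secrets are key material: zero before freeing */` above the first call. The body of nvmf_free_options() starts outside the hunk, so the earlier frees were not reviewed.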