The rx->skey field contains a struct tipc_aead_key with GCM-AES
encryption keys used for TIPC cluster communication. Using plain
kfree() leaves this sensitive key material in freed memory pages
where it could potentially be recovered.

Switch to kfree_sensitive() to ensure the key material is zeroed
before the memory is freed.

Fixes: 1ef6f7c9390f ("tipc: add automatic session key exchange")
Signed-off-by: Daniel Hodges <hodgesd@meta.com>
---
 net/tipc/crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/tipc/crypto.c b/net/tipc/crypto.c
index 751904f10aab..970db62bd029 100644
--- a/net/tipc/crypto.c
+++ b/net/tipc/crypto.c
@@ -1212,21 +1212,21 @@ void tipc_crypto_key_flush(struct tipc_crypto *c)
 {
 	struct tipc_crypto *tx, *rx;
 	int k;
 
 	spin_lock_bh(&c->lock);
 	if (is_rx(c)) {
 		/* Try to cancel pending work */
 		rx = c;
 		tx = tipc_net(rx->net)->crypto_tx;
 		if (cancel_delayed_work(&rx->work)) {
-			kfree(rx->skey);
+			kfree_sensitive(rx->skey);
 			rx->skey = NULL;
 			atomic_xchg(&rx->key_distr, 0);
 			tipc_node_put(rx->node);
 		}
 		/* RX stopping => decrease TX key users if any */
 		k = atomic_xchg(&rx->peer_rx_active, 0);
 		if (k) {
 			tipc_aead_users_dec(tx->aead[k], 0);
 			/* Mark the point TX key users changed */
 			tx->timer1 = jiffies;
@@ -2387,21 +2387,21 @@ static void tipc_crypto_work_rx(struct work_struct *work)
 			pr_warn("%s: unable to attach received skey, err %d\n",
 				rx->name, rc);
 		switch (rc) {
 		case -EBUSY:
 		case -ENOMEM:
 			/* Resched the key attaching */
 			resched = true;
 			break;
 		default:
 			synchronize_rcu();
-			kfree(rx->skey);
+			kfree_sensitive(rx->skey);
 			rx->skey = NULL;
 			break;
 		}
 	}
 
 	if (resched && queue_delayed_work(tx->wq, &rx->work, delay))
 		return;
 
 	tipc_node_put(rx->node);
 }
-- 
2.47.3