ctl: fix memory disclosure in read/write buffer commands
The functions ctl_write_buffer() and ctl_read_buffer() are vulnerable to
a kernel memory disclosure caused by an uninitialized kernel allocation.
If one of these functions is called for the first time for a given LUN, a
kernel allocation is performed without the M_ZERO flag. Then a call to
ctl_read_buffer() returns the content of this allocation, which may
contain kernel data.
Reported by: Synacktiv
Reviewed by: asomers
Reviewed by: jhb
Security: FreeBSD-SA-24:11.ctl
Security: CVE-2024-8178
Security: HYP-05
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45952
(cherry picked from commit ea44766b78d639d3a89afd5302ec6feffaade813)