In integrity mode, a larger logical sector (e.g., 4096 bytes) spans several
physical sectors (e.g., 512 bytes) on the backing device. Due to hash
overhead, a 4096 byte logical sector takes 8.5625 512-byte physical sectors.
This means that only 288 bytes (256 data + 32 hash) of the last 512 byte
sector are used.

The memory allocation used to store the encrypted data to be written to the
physical sectors comes from malloc(9) and does not use M_ZERO.

Previously, nothing initialized the final physical sector backing each
logical sector, aside from the hash + encrypted data portion. So 224 bytes
of kernel heap memory was leaked to every block :-(.

This patch addresses the issue by initializing the trailing physical sector
in every logical sector to zeros before use. A much simpler but higher
overhead fix would be to tag the entire allocation M_ZERO.

PR: 222077

I manually confirmed each 224 byte portion before every 0x1200 (9*512) boundary
in the backing device was correctly initialized, regardless of IO size used to
initialize the logical volume, using the repro from the PR:

#!/bin/sh
dd if=/dev/zero of=gelitest.md bs=1M count=1 status=none
md=$(mdconfig -f gelitest.md) || exit
echo fakekey | geli init -a HMAC/SHA256 -B none -K - -P -s 4096 $md || exit
echo fakekey | geli attach -k - -p $md || exit
dd if=/dev/zero of=/dev/$md.eli bs=1M status=none
geli detach /dev/$md.eli
mdconfig -du $md