nvmet-auth: assign dh_key to NULL after kfree_sensitive

JIRA: https://issues.redhat.com/browse/RHEL-66830
CVE: CVE-2024-50215

commit d2f551b
Author: Vitaliy Shevtsov <v.shevtsov@maxima.ru>
Date:   Mon Sep 16 22:41:37 2024 +0500

    nvmet-auth: assign dh_key to NULL after kfree_sensitive

    ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup()
    for the same controller. So it's better to nullify it after release on
    error path in order to avoid double free later in nvmet_destroy_auth().

    Found by Linux Verification Center (linuxtesting.org) with Svace.

    Fixes: 7a277c3 ("nvmet-auth: Diffie-Hellman key exchange support")
    Cc: stable@vger.kernel.org
    Signed-off-by: Vitaliy Shevtsov <v.shevtsov@maxima.ru>
    Reviewed-by: Christoph Hellwig <hch@lst.de>
    Reviewed-by: Hannes Reinecke <hare@suse.de>
    Signed-off-by: Keith Busch <kbusch@kernel.org>

Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com>

Author: CKI Backport Bot

drivers/nvme/target/auth.c

@@ -115,6 +115,7 @@ int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhgroup_id)
 			pr_debug("%s: ctrl %d failed to generate private key, err %d\n",
 				 __func__, ctrl->cntlid, ret);
 			kfree_sensitive(ctrl->dh_key);
+			ctrl->dh_key = NULL;
 			return ret;
 		}
 		ctrl->dh_keysize = crypto_kpp_maxsize(ctrl->dh_tfm);