lib/iov_iter: initialize "flags" in new pipe_buffer

commit 9d2231c5d74e13b2a0546fee6737ee4446017903 upstream.

The functions copy_page_to_iter_pipe() and push_pipe() can both
allocate a new pipe_buffer, but the "flags" member initializer is
missing.

Fixes: 241699cd72a8 ("new iov_iter flavour: pipe-backed")
To: Alexander Viro <viro@zeniv.linux.org.uk>
To: linux-fsdevel@vger.kernel.org
To: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 957e3e58df652ae28286351f954dae8a34460e9f..9d3bda3d49feddc0e19f2baf2856d7e5f95c012e 100644 (file)
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -398,6 +398,7 @@ static size_t copy_page_to_iter_pipe(struct page *page, size_t offset, size_t by
                return 0;
        pipe->nrbufs++;
        buf->ops = &page_cache_pipe_buf_ops;
+       buf->flags = 0;
        get_page(buf->page = page);
        buf->offset = offset;
        buf->len = bytes;
@@ -524,6 +525,7 @@ static size_t push_pipe(struct iov_iter *i, size_t size,
                        break;
                pipe->nrbufs++;
                pipe->bufs[idx].ops = &default_pipe_buf_ops;
+               pipe->bufs[idx].flags = 0;
                pipe->bufs[idx].page = page;
                pipe->bufs[idx].offset = 0;
                if (left <= PAGE_SIZE) {