cifs: Fix oops due to uninitialised variable

JIRA: https://issues.redhat.com/browse/RHEL-120561
CVE: CVE-2025-38737

commit 453a6d2
Author: David Howells <dhowells@redhat.com>
Date:   Tue Aug 19 16:27:36 2025 +0100

    cifs: Fix oops due to uninitialised variable

    Fix smb3_init_transform_rq() to initialise buffer to NULL before calling
    netfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it
    is given.  Setting it to NULL means it should start a fresh buffer, but the
    value is currently undefined.

    Fixes: a2906d3 ("cifs: Switch crypto buffer to use a folio_queue rather than an xarray")
    Signed-off-by: David Howells <dhowells@redhat.com>
    cc: Steve French <sfrench@samba.org>
    cc: Paulo Alcantara <pc@manguebit.org>
    cc: linux-cifs@vger.kernel.org
    cc: linux-fsdevel@vger.kernel.org
    Signed-off-by: Steve French <stfrench@microsoft.com>

Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com>

Author: CKI Backport Bot

fs/smb/client/smb2ops.c

@@ -4487,7 +4487,7 @@ smb3_init_transform_rq(struct TCP_Server_Info *server, int num_rqst,
 	for (int i = 1; i < num_rqst; i++) {
 		struct smb_rqst *old = &old_rq[i - 1];
 		struct smb_rqst *new = &new_rq[i];
-		struct folio_queue *buffer;
+		struct folio_queue *buffer = NULL;
 		size_t size = iov_iter_count(&old->rq_iter);
 
 		orig_len += smb_rqst_len(server, old);