UPSTREAM: io_uring: fix double poll leak on repolling

commit c0737fa9 upstream.

We have re-polling for partial IO, so a request can be polled twice. If
it used two poll entries the first time then on the second
io_arm_poll_handler() it will find the old apoll entry and NULL
kmalloc()'ed second entry, i.e. apoll->double_poll, so leaking it.

Fixes: 10c87333 ("io_uring: allow re-poll if we made progress")
Change-Id: Ibab2f08e9f8d1e4ae25f0666dfe70e982a29a0a5
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/fee2452494222ecc7f1f88c8fb659baef971414a.1655852245.git.asml.silence@gmail.com


Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 124fb13c)
Bug: 268174392
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>