MDEV-5172 safe_mutex: Trying to lock mutex when the mutex was already locked...

MDEV-5172 safe_mutex: Trying to lock mutex when the mutex was already locked on using a role and I_S role tables

don't forget to unlock if the current role isn't found

mysql-test/suite/roles/set_and_drop.result

@@ -64,6 +64,52 @@ select * from mysqltest1.t1;
 ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 't1'
 select a from mysqltest1.t2;
 ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 't2'
+set role none;
+grant reload on *.* to role1;
+grant select on mysql.* to role1;
+grant execute on procedure mysqltest1.pr1 to role1;
+grant select on mysqltest1.t1 to role1;
+grant select (a) on mysqltest1.t2 to role1;
+set role role1;
+flush tables;
+select * from mysql.roles_mapping;
+Host	User	Role	Admin_option
+localhost	foo	role1	N
+localhost	root	role1	Y
+show tables from mysqltest1;
+Tables_in_mysqltest1
+t1
+t2
+select * from mysqltest1.t1;
+a	b
+1	2
+3	4
+select * from mysqltest1.t2;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 't2'
+select a from mysqltest1.t2;
+a
+5
+7
+call mysqltest1.pr1();
+pr1
+pr1
 drop role role1;
+flush tables;
+select * from mysqltest1.t1;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 't1'
+select a from mysqltest1.t2;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 't2'
+show grants;
+Grants for foo@localhost
+GRANT USAGE ON *.* TO 'foo'@'localhost'
+select * from information_schema.enabled_roles;
+ROLE_NAME
+NULL
+select * from information_schema.enabled_roles;
+ROLE_NAME
+NULL
+select current_role();
+current_role()
+role1
 drop user foo@localhost;
 drop database mysqltest1;

mysql-test/suite/roles/set_and_drop.test

@@ -66,9 +66,48 @@ select * from mysqltest1.t1;
 --error ER_TABLEACCESS_DENIED_ERROR
 select a from mysqltest1.t2;
 
+set role none;
+
 connection default;
-disconnect foo;
 
+grant reload on *.* to role1;
+grant select on mysql.* to role1;
+grant execute on procedure mysqltest1.pr1 to role1;
+grant select on mysqltest1.t1 to role1;
+grant select (a) on mysqltest1.t2 to role1;
+
+connection foo;
+set role role1;
+
+flush tables;
+--sorted_result
+select * from mysql.roles_mapping;
+show tables from mysqltest1;
+select * from mysqltest1.t1;
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysqltest1.t2;
+select a from mysqltest1.t2;
+call mysqltest1.pr1();
+
+connection default;
 drop role role1;
+connection foo;
+
+flush tables;
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysql.roles_mapping;
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysqltest1.t1;
+--error ER_TABLEACCESS_DENIED_ERROR
+select a from mysqltest1.t2;
+
+show grants;
+select * from information_schema.enabled_roles;
+select * from information_schema.enabled_roles; # yes, repeat it twice
+select current_role();
+
+disconnect foo;
+connection default;
+
 drop user foo@localhost;
 drop database mysqltest1;

sql/sql_acl.cc

@@ -9911,12 +9911,11 @@ int fill_schema_enabled_roles(THD *thd, TABLE_LIST *tables, COND *cond)
     mysql_mutex_lock(&acl_cache->lock);
     ACL_ROLE *acl_role= find_acl_role(thd->security_ctx->priv_role);
     if (acl_role)
-    {
       traverse_role_graph_down(acl_role, table, enabled_roles_insert, NULL);
-      mysql_mutex_unlock(&acl_cache->lock);
-      mysql_rwlock_unlock(&LOCK_grant);
+    mysql_mutex_unlock(&acl_cache->lock);
+    mysql_rwlock_unlock(&LOCK_grant);
+    if (acl_role)
       return 0;
-    }
   }
 #endif