MDEV-8474: InnoDB sets per-connection data unsafely

Analysis: At check_trx_exists function InnoDB allocates
a new trx if no trx is found from thd but this newly
allocated trx is not registered to thd. This is unsafe,
because nothing prevents InnoDB plugin from being uninstalled
while there's active transaction. This can cause crashes, hang
and any other odd behavior. It may also corrupt stack, as
functions pointers are not available after dlclose.

Fix: The fix is to use thd_set_ha_data() when
manipulating per-connection handler data. It does appropriate
plugin locking.

mysql-test/mysql-test-run.pl

@@ -4806,6 +4806,7 @@ sub extract_warning_lines ($$) {
      qr|Plugin 'FEEDBACK' registration as a INFORMATION SCHEMA failed|,
      qr|Failed to setup SSL|,
      qr|SSL error: Failed to set ciphers to use|,
+     qr/Plugin 'InnoDB' will be forced to shutdown/,
     );
 
   my $matched_lines= [];

mysql-test/r/innodb_load_xa.result

@@ -18,3 +18,5 @@ mysqld-bin.000001	#	Query	#	#	use `test`; insert t1 values (2)
 mysqld-bin.000001	#	Query	#	#	COMMIT
 drop table t1;
 uninstall plugin innodb;
+Warnings:
+Warning	1620	Plugin is busy and will be uninstalled on shutdown

mysql-test/suite/innodb/r/innodb_uninstall.result

+install plugin innodb soname 'ha_innodb';
+create table t1(a int not null primary key) engine=innodb;
+begin;
+insert into t1 values(1);
+flush tables;
+uninstall plugin innodb;
+select sleep(1);
+sleep(1)
+0
+Warnings:
+Warning	1620	Plugin is busy and will be uninstalled on shutdown
+drop table t1;
+install plugin innodb soname 'ha_innodb';
+create table t2(a int not null primary key) engine=innodb;
+insert into t2 values(1);
+drop table t2;
+uninstall plugin innodb;
+select sleep(1);
+sleep(1)
+0
+Warnings:
+Warning	1620	Plugin is busy and will be uninstalled on shutdown

mysql-test/suite/innodb/t/innodb_uninstall.opt

+--ignore-builtin-innodb
+--loose-innodb
+

mysql-test/suite/innodb/t/innodb_uninstall.test

+--source include/not_embedded.inc
+--source include/not_windows.inc
+
+if (!$HA_INNODB_SO) {
+  --skip Need InnoDB plugin
+}
+
+#
+# MDEV-8474: InnoDB sets per-connection data unsafely
+# Below test caused hang
+#
+install plugin innodb soname 'ha_innodb';
+create table t1(a int not null primary key) engine=innodb;
+
+connect (con1, localhost, root);
+connection con1;
+begin;
+insert into t1 values(1);
+
+connection default;
+flush tables;
+send uninstall plugin innodb;
+
+connection con1;
+select sleep(1);
+disconnect con1;
+
+connection default;
+reap;
+
+--source include/restart_mysqld.inc
+
+drop table t1;
+
+#
+# Another test that caused hang.
+#
+
+connect (con1, localhost, root);
+connection con1;
+install plugin innodb soname 'ha_innodb';
+create table t2(a int not null primary key) engine=innodb;
+insert into t2 values(1);
+drop table t2;
+
+connection default;
+send uninstall plugin innodb;
+
+connection con1;
+select sleep(1);
+disconnect con1;
+
+connection default;
+reap;
+
+--source include/restart_mysqld.inc
+
+

mysql-test/t/innodb_load_xa.test

@@ -16,3 +16,6 @@ commit;
 --source include/show_binlog_events.inc
 drop table t1;
 uninstall plugin innodb;
+
+--source include/restart_mysqld.inc
+

storage/innobase/handler/ha_innodb.cc

@@ -1597,6 +1597,7 @@ check_trx_exists(
 
 	if (trx == NULL) {
 		trx = innobase_trx_allocate(thd);
+		thd_set_ha_data(thd, innodb_hton_ptr, trx);
 	} else if (UNIV_UNLIKELY(trx->magic_n != TRX_MAGIC_N)) {
 		mem_analyze_corruption(trx);
 		ut_error;

storage/xtradb/handler/ha_innodb.cc

@@ -1853,6 +1853,7 @@ check_trx_exists(
 
 	if (trx == NULL) {
 		trx = innobase_trx_allocate(thd);
+		thd_set_ha_data(thd, innodb_hton_ptr, trx);
 	} else if (UNIV_UNLIKELY(trx->magic_n != TRX_MAGIC_N)) {
 		mem_analyze_corruption(trx);
 		ut_error;