MDEV-14815 - Server crash or AddressSanitizer errors or valgrind warnings

             in thr_lock / has_old_lock upon FLUSH TABLES

Explicit partition access of partitioned MEMORY table under LOCK TABLES
may cause subsequent statements to crash the server, deadlock, trigger
valgrind warnings or ASAN errors. Freed memory was being used due to
incorrect cleanup.

At least MyISAM and InnoDB don't seem to be affected, since their
THR_LOCK structures don't survive FLUSH TABLES. MEMORY keeps table shared
data (including THR_LOCK) even if there're no open instances.

There's partition_info::lock_partitions bitmap, which holds bits of
partitions allowed to be accessed after pruning. This bitmap is
updated for each individual statement.

This bitmap was abused in ha_partition::store_lock() such that when we
need to unlock a table, locked by LOCK TABLES, only locks for partitions
that were accessed by previous statement were released.

Eventually FLUSH TABLES frees THR_LOCK_DATA objects, which are still
linked into THR_LOCK lists. When such THR_LOCK gets reused we end up with
freed memory access.

Fixed by using ha_partition::m_locked_partitions bitmap similarly to
ha_partition::external_lock().

mysql-test/r/partition_explicit_prune.result

@@ -1870,3 +1870,22 @@ CREATE TABLE t2 LIKE t1 PARTITION (p0, p2);
 ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'PARTITION (p0, p2)' at line 1
 DROP TABLE t1;
 SET @@default_storage_engine = @old_default_storage_engine;
+#
+# MDEV-14815 - Server crash or AddressSanitizer errors or valgrind warnings in thr_lock / has_old_lock upon FLUSH TABLES
+#
+CREATE TABLE t1 (i INT) ENGINE=MEMORY PARTITION BY RANGE (i) (PARTITION p0 VALUES LESS THAN (4), PARTITION pm VALUES LESS THAN MAXVALUE);
+CREATE TABLE t2 (i INT) ENGINE=MEMORY;
+LOCK TABLE t1 WRITE, t2 WRITE;
+SELECT * FROM t1 PARTITION (p0);
+i
+FLUSH TABLES;
+SELECT * FROM t1 PARTITION (p0);
+i
+ALTER TABLE t1 TRUNCATE PARTITION p0;
+SELECT * FROM t1 PARTITION (p0);
+i
+ALTER TABLE t1 EXCHANGE PARTITION p0 WITH TABLE t2;
+SELECT * FROM t1 PARTITION (p0);
+i
+UNLOCK TABLES;
+DROP TABLE t1, t2;

mysql-test/t/partition_explicit_prune.test

@@ -858,3 +858,22 @@ CREATE TABLE t2 LIKE t1 PARTITION (p0, p2);
 DROP TABLE t1;
 
 SET @@default_storage_engine = @old_default_storage_engine;
+
+
+--echo #
+--echo # MDEV-14815 - Server crash or AddressSanitizer errors or valgrind warnings in thr_lock / has_old_lock upon FLUSH TABLES
+--echo #
+CREATE TABLE t1 (i INT) ENGINE=MEMORY PARTITION BY RANGE (i) (PARTITION p0 VALUES LESS THAN (4), PARTITION pm VALUES LESS THAN MAXVALUE);
+CREATE TABLE t2 (i INT) ENGINE=MEMORY;
+LOCK TABLE t1 WRITE, t2 WRITE;
+SELECT * FROM t1 PARTITION (p0);
+FLUSH TABLES;
+SELECT * FROM t1 PARTITION (p0);
+ALTER TABLE t1 TRUNCATE PARTITION p0;
+SELECT * FROM t1 PARTITION (p0);
+ALTER TABLE t1 EXCHANGE PARTITION p0 WITH TABLE t2;
+SELECT * FROM t1 PARTITION (p0);
+UNLOCK TABLES;
+
+# Cleanup
+DROP TABLE t1, t2;

sql/ha_partition.cc

@@ -3907,9 +3907,14 @@ THR_LOCK_DATA **ha_partition::store_lock(THD *thd,
   }
   else
   {
-    for (i= bitmap_get_first_set(&(m_part_info->lock_partitions));
+    MY_BITMAP *used_partitions= lock_type == TL_UNLOCK ||
+                                lock_type == TL_IGNORE ?
+                                &m_locked_partitions :
+                                &m_part_info->lock_partitions;
+
+    for (i= bitmap_get_first_set(used_partitions);
          i < m_tot_parts;
-         i= bitmap_get_next_set(&m_part_info->lock_partitions, i))
+         i= bitmap_get_next_set(used_partitions, i))
     {
       DBUG_PRINT("info", ("store lock %d iteration", i));
       to= m_file[i]->store_lock(thd, to, lock_type);