From e6446a3cd5f4b4faab87127c1a310e3c7fbf0e60 Mon Sep 17 00:00:00 2001
From: Ping Yu <ping.yu@intel.com>
Date: Tue, 28 Aug 2018 18:56:27 -0400
Subject: [PATCH] Fix race condition in tls half open ctx get/put

Change-Id: I603094215162bfe7d41bbff1b9fe8ab974aa3fab
Signed-off-by: Ping Yu <ping.yu@intel.com>
---
 src/vnet/tls/tls.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index b576c00d4e9..4fb0dfb3c91 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -94,16 +94,17 @@ tls_ctx_half_open_alloc (void)
     {
       clib_rwlock_writer_lock (&tm->half_open_rwlock);
       pool_get (tm->half_open_ctx_pool, ctx);
-      memset (ctx, 0, sizeof (*ctx));
-      ctx_index = ctx - tm->half_open_ctx_pool;
       clib_rwlock_writer_unlock (&tm->half_open_rwlock);
     }
   else
     {
+      /* reader lock assumption: only main thread will call pool_get */
+      clib_rwlock_reader_lock (&tm->half_open_rwlock);
       pool_get (tm->half_open_ctx_pool, ctx);
-      memset (ctx, 0, sizeof (*ctx));
-      ctx_index = ctx - tm->half_open_ctx_pool;
+      clib_rwlock_reader_unlock (&tm->half_open_rwlock);
     }
+  memset (ctx, 0, sizeof (*ctx));
+  ctx_index = ctx - tm->half_open_ctx_pool;
   return ctx_index;
 }
 
-- 
2.16.6