Fix harmless locking bug in tfp_fastopen_check_cookie().

The keylist lock was not being acquired early enough.  The only side
effect of this bug is that the effective add time of a new key could
be slightly later than it would have been otherwise, as seen by a TFO
client.

Reviewed by:	tuexen
MFC after:	1 month
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D14046

sys/netinet/tcp_fastopen.c

@@ -313,6 +313,7 @@ tcp_fastopen_check_cookie(struct in_conninfo *inc, uint8_t *cookie,
 {
 	struct rm_priotracker tracker;
 	unsigned int i, key_index;
+	int rv;
 	uint64_t cur_cookie;
 
 	if (V_tcp_fastopen_acceptany) {
@@ -320,21 +321,22 @@ tcp_fastopen_check_cookie(struct in_conninfo *inc, uint8_t *cookie,
 		return (1);
 	}
 
+	TCP_FASTOPEN_KEYS_RLOCK(&tracker);
 	if (len != TCP_FASTOPEN_COOKIE_LEN) {
 		if (V_tcp_fastopen_numkeys > 0) {
 			*latest_cookie =
 			    tcp_fastopen_make_cookie(
 				V_tcp_fastopen_keys.key[V_tcp_fastopen_keys.newest],
 				inc);
-			return (0);
-		}
- 		return (-1);
+			rv = 0;
+		} else
+			rv = -1;
+		goto out;
 	}
 
 	/*
 	 * Check against each available key, from newest to oldest.
 	 */
-	TCP_FASTOPEN_KEYS_RLOCK(&tracker);
 	key_index = V_tcp_fastopen_keys.newest;
 	for (i = 0; i < V_tcp_fastopen_numkeys; i++) {
 		cur_cookie =
@@ -343,17 +345,19 @@ tcp_fastopen_check_cookie(struct in_conninfo *inc, uint8_t *cookie,
 		if (i == 0)
 			*latest_cookie = cur_cookie;
 		if (memcmp(cookie, &cur_cookie, TCP_FASTOPEN_COOKIE_LEN) == 0) {
-			TCP_FASTOPEN_KEYS_RUNLOCK(&tracker);
-			return (1);
+			rv = 1;
+			goto out;
 		}
 		if (key_index == 0)
 			key_index = TCP_FASTOPEN_MAX_KEYS - 1;
 		else
 			key_index--;
 	}
-	TCP_FASTOPEN_KEYS_RUNLOCK(&tracker);
+	rv = 0;
 
-	return (0);
+out:
+	TCP_FASTOPEN_KEYS_RUNLOCK(&tracker);
+	return (rv);
 }
 
 static int