From 7b00112a52fa9c8b2a66b3f256a18c5a40ee242a Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Thu, 6 Sep 2018 11:23:47 -0500
Subject: [PATCH] upgrade mutex locking to use only RLock if possible

---
 builtin/logical/aws/secret_access_keys.go | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/builtin/logical/aws/secret_access_keys.go b/builtin/logical/aws/secret_access_keys.go
index a1ba69e13258..71e35fe867fc 100644
--- a/builtin/logical/aws/secret_access_keys.go
+++ b/builtin/logical/aws/secret_access_keys.go
@@ -69,9 +69,15 @@ func (b *backend) secretTokenCreate(ctx context.Context, s logical.Storage,
 	displayName, policyName, policy string,
 	lifeTimeInSeconds int64) (*logical.Response, error) {
 
-	b.clientMutex.Lock()
-	defer b.clientMutex.Unlock()
+	b.clientMutex.RLock()
+	unlockFunc := b.clientMutex.RUnlock
+	defer func() { unlockFunc() }()
 	if b.stsClient == nil {
+		// Upgrade the lock for writing
+		b.clientMutex.RUnlock()
+		b.clientMutex.Lock()
+		unlockFunc = b.clientMutex.Unlock
+
 		stsClient, err := clientSTS(ctx, s)
 		if err != nil {
 			return logical.ErrorResponse(err.Error()), nil
@@ -174,9 +180,15 @@ func (b *backend) secretAccessKeysCreate(
 	s logical.Storage,
 	displayName, policyName string, role *awsRoleEntry) (*logical.Response, error) {
 
-	b.clientMutex.Lock()
-	defer b.clientMutex.Unlock()
+	b.clientMutex.RLock()
+	unlockFunc := b.clientMutex.RUnlock
+	defer func() { unlockFunc() }()
 	if b.iamClient == nil {
+		// Upgrade the lock for writing
+		b.clientMutex.RUnlock()
+		b.clientMutex.Lock()
+		unlockFunc = b.clientMutex.Unlock
+
 		iamClient, err := clientIAM(ctx, s)
 		if err != nil {
 			return logical.ErrorResponse(err.Error()), nil