libstore: fix data race in getFileTransfer() singleton replacement

Mic92 · Mic92 · commit 77ba04936efb · 2025-09-29T19:31:42.000+02:00
Multiple threads could simultaneously observe that the singleton
FileTransfer instance has quit and attempt to replace it without
synchronization. This caused undefined behavior as destroying the
old object while other threads might still be accessing its mutex
is not allowed.

Fixed by implementing in-place restart of the FileTransfer object
instead of replacing it. This avoids destroying mutexes that other
threads might be waiting on or holding.
diff --git a/src/libstore/filetransfer.cc b/src/libstore/filetransfer.cc
@@ -611,11 +611,10 @@ struct curlFileTransfer : public FileTransfer
 
     std::thread workerThread;
 
-    curlFileTransfer()
-        : mt19937(rd())
+    void resetCurl()
     {
-        static std::once_flag globalInit;
-        std::call_once(globalInit, curl_global_init, CURL_GLOBAL_ALL);
+        if (curlm)
+            curl_multi_cleanup(curlm);
 
         curlm = curl_multi_init();
 
@@ -625,13 +624,27 @@ struct curlFileTransfer : public FileTransfer
 #if LIBCURL_VERSION_NUM >= 0x071e00 // Max connections requires >= 7.30.0
         curl_multi_setopt(curlm, CURLMOPT_MAX_TOTAL_CONNECTIONS, fileTransferSettings.httpConnections.get());
 #endif
+    }
+
+    void startWorkerThread()
+    {
+        workerThread = std::thread([&]() { workerThreadEntry(); });
+    }
+
+    curlFileTransfer()
+        : mt19937(rd())
+    {
+        static std::once_flag globalInit;
+        std::call_once(globalInit, curl_global_init, CURL_GLOBAL_ALL);
+
+        resetCurl();
 
 #ifndef _WIN32 // TODO need graceful async exit support on Windows?
         wakeupPipe.create();
         fcntl(wakeupPipe.readSide.get(), F_SETFL, O_NONBLOCK);
 #endif
 
-        workerThread = std::thread([&]() { workerThreadEntry(); });
+        startWorkerThread();
     }
 
     ~curlFileTransfer()
@@ -644,6 +657,34 @@ struct curlFileTransfer : public FileTransfer
             curl_multi_cleanup(curlm);
     }
 
+    std::mutex restartMutex;
+
+    void restart()
+    {
+        std::lock_guard<std::mutex> restartLock(restartMutex);
+
+        // Check if we need to restart
+        {
+            auto state(state_.lock());
+            if (!state->quit) {
+                return;
+            }
+        }
+
+        // The worker thread will exit if quit has been set
+        workerThread.join();
+
+        resetCurl();
+
+        // Reset the quit flag BEFORE starting the new thread
+        {
+            auto state(state_.lock());
+            state->quit = false;
+        }
+
+        startWorkerThread();
+    }
+
     void stopWorkerThread()
     {
         /* Signal the worker thread to exit. */
@@ -846,7 +887,7 @@ ref<FileTransfer> getFileTransfer()
     static ref<curlFileTransfer> fileTransfer = makeCurlFileTransfer();
 
     if (fileTransfer->state_.lock()->quit)
-        fileTransfer = makeCurlFileTransfer();
+        fileTransfer->restart();
 
     return fileTransfer;
 }
