fix(mdns): hold lock across SetOptions field update + restart

mcuelenaere · claude · mcuelenaere · commit 7c807df1102c · 2026-05-11T21:51:34.000+02:00
Cursorbot caught a real race I missed: SetOptions was acquiring the lock, updating fields, releasing the lock, then calling Restart() which re-acquires the same lock inside start(true). Between the unlock and the re-lock, a concurrent Stop() (e.g. SIGINT during a networkStateChanged) could shut the server down and set m.server = nil, after which the pending Restart() would build a fresh server — silently undoing the Stop(). Extract startLocked() as the body of start() assuming the caller already holds m.lock, and have SetOptions hold the lock continuously across the field update and the restart. Public Start() / Restart() still go through start() which acquires the lock as before. Cursor: #1454 (comment) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
diff --git a/internal/mdns/mdns.go b/internal/mdns/mdns.go
@@ -214,7 +214,14 @@ func normalizeLocalNames(in []string) []string {
 func (m *MDNS) start(allowRestart bool) error {
 	m.lock.Lock()
 	defer m.lock.Unlock()
+	return m.startLocked(allowRestart)
+}
 
+// startLocked is the body of start; the caller must already hold m.lock.
+// SetOptions uses this so it can update the fields and (re)start the
+// server under a single continuous lock acquisition, preventing a
+// concurrent Stop() from squeezing in between.
+func (m *MDNS) startLocked(allowRestart bool) error {
 	if m.server != nil {
 		if !allowRestart {
 			return fmt.Errorf("mDNS server already running")
@@ -327,16 +334,18 @@ func (m *MDNS) Stop() error {
 }
 
 // SetOptions sets the local names, listen options, and service, then
-// restarts the mDNS server. All three fields are updated under a
-// single lock acquisition so a concurrent restart can't observe a
-// partially-applied configuration.
+// restarts the mDNS server. Field updates and the restart happen
+// under a single lock acquisition so that (a) a concurrent restart
+// can't observe a partially-applied configuration and (b) a
+// concurrent Stop() can't slip in between the update and the
+// restart and be silently undone.
 func (m *MDNS) SetOptions(options *MDNSOptions) error {
 	m.lock.Lock()
+	defer m.lock.Unlock()
 	m.localNames = options.LocalNames
 	if options.ListenOptions != nil {
 		m.listenOptions = options.ListenOptions
 	}
 	m.service = options.Service
-	m.lock.Unlock()
-	return m.Restart()
+	return m.startLocked(true)
 }
