share: concurrency handling, easy updates

[icing]

curl share:

Replace the volatile int dirty with a reference counter protected by a mutex when available.

Solve the problem of when to call application's lock function by adding a volatile flag that indicates a share has been added to easy handles in its lifetime. That flag ever goes from FALSE to TRUE, so volatile might work (in the absence of a mutex).

(The problem is that the lock/unlock functions need 2-3 curl_share_setopt() invocations to become usable and there is no way of telling if the third will ever happen. Calling the lock function before the 3rd setopt may crash the application.)

When removing a share from an easy handle (or replacing it with another share), detach the easy connection on a share with a connection pool.

configure/cmake:

Disentangle mutex/threads availability from threaded resolver. We want to use mutex also when other resolvers are configured. This means:

• USE_THREADS_POSIX and USE_THREADS_WIN32 gone
• replaced with HAVE_THREADS_POSIX and _WIN32
• introduce USE_RESOLV_THREADED and USE_RESOLV_ARES
• introduce curl_setup.h defines
  - USE_MUTEX when pthread/win32 mutex should be used
  - USE_THREADS when threads are used
• remove CURLRES_ARES and CURLRES_THREADED

[bagder]

@aisle-analyzer augment review

[aisle-research-bot]

🔒 Aisle Security Analysis

We found 1 potential security issue(s) in this PR:

#	Severity	Title
1	🔵 Low	Race condition in curl_share_cleanup can free share during first-time link (UAF)

See details in the comment below.

---

Analyzed PR: #20870 at commit 9ad5222

_{Last updated on: 2026-03-09T22:34:54Z}

[augmentcode]

🤖 Augment PR Summary

Summary: This PR reworks share-handle concurrency tracking to avoid relying on a volatile “dirty” counter and to make share attachment/detachment from easy handles safer.

Changes:

• Replaces the former volatile dirty usage tracking with a ref_count reference counter, protected by an internal mutex when thread support is available.
• Adds helper routines to destroy shares, increment/decrement references, and manage the “has been shared” lifetime flag used to decide when app-provided lock callbacks are safe to invoke.
• Updates curl_share_setopt() to reject option changes while the share is in use via share_in_use().
• Refactors CURLOPT_SHARE handling into Curl_share_easy_link/unlink() to centralize share attach/detach logic.
• On share removal/replacement, detaches the easy handle’s connection when using a shared connection pool and unlinks DNS/cookie/HSTS/PSL pointers as applicable.
• Updates Curl_close() to unlink the easy handle from its share through the new helper.

Technical Notes: The new has_been_shared flag aims to prevent invoking application lock callbacks too early (before the lock/unlock/userdata trio is fully configured) when the share has never been used by an easy handle.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 2 suggestions posted.

Comment augment review to trigger a new review at any time.

[icing]

@vszakats I change cmake files without really having a clue. It seems to work, but I'd like your sharp eyes on this. The changes were needed because the new code needs to use pthread/win32 mutex things, even when no threaded resolver is configured.

USE_THREADS_POSIX was really a bad name. I split that into HAVE_THREADS_POSIX and USE_RESOLV_THREADED.

[bagder]

Because I merged some of your older PRs first, this now needs some merge conflicts sorted out.

[icing]

rebased