man2/vfork.2

   1 .\" Copyright (c) 1999 Andries Brouwer (aeb@cwi.nl), 1 Nov 1999
   2 .\" and Copyright 2006, 2012, 2017 Michael Kerrisk <mtk.manpages@gmail.com>
   3 .\"
   4 .\" %%%LICENSE_START(VERBATIM)
   5 .\" Permission is granted to make and distribute verbatim copies of this
   6 .\" manual provided the copyright notice and this permission notice are
   7 .\" preserved on all copies.
   8 .\"
   9 .\" Permission is granted to copy and distribute modified versions of this
  10 .\" manual under the conditions for verbatim copying, provided that the
  11 .\" entire resulting derived work is distributed under the terms of a
  12 .\" permission notice identical to this one.
  13 .\"
  14 .\" Since the Linux kernel and libraries are constantly changing, this
  15 .\" manual page may be incorrect or out-of-date.  The author(s) assume no
  16 .\" responsibility for errors or omissions, or for damages resulting from
  17 .\" the use of the information contained herein.  The author(s) may not
  18 .\" have taken the same level of care in the production of this manual,
  19 .\" which is licensed free of charge, as they might when working
  20 .\" professionally.
  21 .\"
  22 .\" Formatted or processed versions of this manual, if unaccompanied by
  23 .\" the source, must acknowledge the copyright and authors of this work.
  24 .\" %%%LICENSE_END
  25 .\"
  26 .\" 1999-11-10: Merged text taken from the page contributed by
  27 .\" Reed H. Petty (rhp@draper.net)
  28 .\"
  29 .TH VFORK 2 2017-09-15 "Linux" "Linux Programmer's Manual"
  30 .SH NAME
  31 vfork \- create a child process and block parent
  32 .SH SYNOPSIS
  33 .B #include <sys/types.h>
  34 .br
  35 .B #include <unistd.h>
  36 .PP
  37 .B pid_t vfork(void);
  38 .PP
  39 .in -4n
  40 Feature Test Macro Requirements for glibc (see
  41 .BR feature_test_macros (7)):
  42 .in
  43 .PP
  44 .BR vfork ():
  45 .ad l
  46 .RS 4
  47 .PD 0
  48 .TP 4
  49 Since glibc 2.12:
  50 .nf
  51 (_XOPEN_SOURCE\ >=\ 500) && ! (_POSIX_C_SOURCE\ >=\ 200809L)
  52     || /* Since glibc 2.19: */ _DEFAULT_SOURCE
  53     || /* Glibc versions <= 2.19: */ _BSD_SOURCE
  54 .TP 4
  55 .fi
  56 Before glibc 2.12:
  57 _BSD_SOURCE || _XOPEN_SOURCE\ >=\ 500
  58 .\"     || _XOPEN_SOURCE\ &&\ _XOPEN_SOURCE_EXTENDED
  59 .PD
  60 .RE
  61 .ad b
  62 .SH DESCRIPTION
  63 .SS Standard description
  64 (From POSIX.1)
  65 The
  66 .BR vfork ()
  67 function has the same effect as
  68 .BR fork (2),
  69 except that the behavior is undefined if the process created by
  70 .BR vfork ()
  71 either modifies any data other than a variable of type
  72 .I pid_t
  73 used to store the return value from
  74 .BR vfork (),
  75 or returns from the function in which
  76 .BR vfork ()
  77 was called, or calls any other function before successfully calling
  78 .BR _exit (2)
  79 or one of the
  80 .BR exec (3)
  81 family of functions.
  82 .SS Linux description
  83 .BR vfork (),
  84 just like
  85 .BR fork (2),
  86 creates a child process of the calling process.
  87 For details and return value and errors, see
  88 .BR fork (2).
  89 .PP
  90 .BR vfork ()
  91 is a special case of
  92 .BR clone (2).
  93 It is used to create new processes without copying the page tables of
  94 the parent process.
  95 It may be useful in performance-sensitive applications
  96 where a child is created which then immediately issues an
  97 .BR execve (2).
  98 .PP
  99 .BR vfork ()
 100 differs from
 101 .BR fork (2)
 102 in that the calling thread is suspended until the child terminates
 103 (either normally,
 104 by calling
 105 .BR _exit (2),
 106 or abnormally, after delivery of a fatal signal),
 107 or it makes a call to
 108 .BR execve (2).
 109 Until that point, the child shares all memory with its parent,
 110 including the stack.
 111 The child must not return from the current function or call
 112 .BR exit (3)
 113 (which would have the effect of calling exit handlers
 114 established by the parent process and flushing the parent's
 115 .BR stdio (3)
 116 buffers), but may call
 117 .BR _exit (2).
 118 .PP
 119 As with
 120 .BR fork (2),
 121 the child process created by
 122 .BR vfork ()
 123 inherits copies of various of the caller's process attributes
 124 (e.g., file descriptors, signal dispositions, and current working directory);
 125 the
 126 .BR vfork ()
 127 call differs only in the treatment of the virtual address space,
 128 as described above.
 129 .PP
 130 Signals sent to the parent
 131 arrive after the child releases the parent's memory
 132 (i.e., after the child terminates
 133 or calls
 134 .BR execve (2)).
 135 .SS Historic description
 136 Under Linux,
 137 .BR fork (2)
 138 is implemented using copy-on-write pages, so the only penalty incurred by
 139 .BR fork (2)
 140 is the time and memory required to duplicate the parent's page tables,
 141 and to create a unique task structure for the child.
 142 However, in the bad old days a
 143 .BR fork (2)
 144 would require making a complete copy of the caller's data space,
 145 often needlessly, since usually immediately afterward an
 146 .BR exec (3)
 147 is done.
 148 Thus, for greater efficiency, BSD introduced the
 149 .BR vfork ()
 150 system call, which did not fully copy the address space of
 151 the parent process, but borrowed the parent's memory and thread
 152 of control until a call to
 153 .BR execve (2)
 154 or an exit occurred.
 155 The parent process was suspended while the
 156 child was using its resources.
 157 The use of
 158 .BR vfork ()
 159 was tricky: for example, not modifying data
 160 in the parent process depended on knowing which variables were
 161 held in a register.
 162 .SH CONFORMING TO
 163 4.3BSD; POSIX.1-2001 (but marked OBSOLETE).
 164 POSIX.1-2008 removes the specification of
 165 .BR vfork ().
 166 .PP
 167 The requirements put on
 168 .BR vfork ()
 169 by the standards are weaker than those put on
 170 .BR fork (2),
 171 so an implementation where the two are synonymous is compliant.
 172 In particular, the programmer cannot rely on the parent
 173 remaining blocked until the child either terminates or calls
 174 .BR execve (2),
 175 and cannot rely on any specific behavior with respect to shared memory.
 176 .\" In AIXv3.1 vfork is equivalent to fork.
 177 .SH NOTES
 178 .PP
 179 Some consider the semantics of
 180 .BR vfork ()
 181 to be an architectural blemish, and the 4.2BSD man page stated:
 182 "This system call will be eliminated when proper system sharing mechanisms
 183 are implemented.
 184 Users should not depend on the memory sharing semantics of
 185 .BR vfork ()
 186 as it will, in that case, be made synonymous to
 187 .BR fork (2).\c
 188 "
 189 However, even though modern memory management hardware
 190 has decreased the performance difference between
 191 .BR fork (2)
 192 and
 193 .BR vfork (),
 194 there are various reasons why Linux and other systems have retained
 195 .BR vfork ():
 196 .IP * 3
 197 Some performance-critical applications require the small performance
 198 advantage conferred by
 199 .BR vfork ().
 200 .IP *
 201 .BR vfork ()
 202 can be implemented on systems that lack a memory-management unit (MMU), but
 203 .BR fork (2)
 204 can't be implemented on such systems.
 205 (POSIX.1-2008 removed
 206 .BR vfork ()
 207 from the standard; the POSIX rationale for the
 208 .BR posix_spawn (3)
 209 function notes that that function,
 210 which provides functionality equivalent to
 211 .BR fork (2)+ exec (3),
 212 is designed to be implementable on systems that lack an MMU.)
 213 .\" http://stackoverflow.com/questions/4259629/what-is-the-difference-between-fork-and-vfork
 214 .\" http://developers.sun.com/solaris/articles/subprocess/subprocess.html
 215 .\" http://mailman.uclinux.org/pipermail/uclinux-dev/2009-April/000684.html
 216 .\"
 217 .IP *
 218 On systems where memory is constrained,
 219 .BR vfork ()
 220 avoids the need to temporarily commit memory (see the description of
 221 .IR /proc/sys/vm/overcommit_memory
 222 in
 223 .BR proc (5))
 224 in order to execute a new program.
 225 (This can be especially beneficial where a large parent process wishes
 226 to execute a small helper program in a child process.)
 227 By contrast, using
 228 .BR fork (2)
 229 in this scenario requires either committing an amount of memory equal
 230 to the size of the parent process (if strict overcommitting is in force)
 231 or overcommitting memory with the risk that a process is terminated
 232 by the out-of-memory (OOM) killer.
 233 .\"
 234 .SS Caveats
 235 The child process should take care not to modify the memory in unintended ways,
 236 since such changes will be seen by the parent process once
 237 the child terminates or executes another program.
 238 In this regard, signal handlers can be especially problematic:
 239 if a signal handler that is invoked in the child of
 240 .BR vfork ()
 241 changes memory, those changes may result in an inconsistent process state
 242 from the perspective of the parent process
 243 (e.g., memory changes would be visible in the parent,
 244 but changes to the state of open file descriptors would not be visible).
 245 .PP
 246 When
 247 .BR vfork ()
 248 is called in a multithreaded process,
 249 only the calling thread is suspended until the child terminates
 250 or executes a new program.
 251 This means that the child is sharing an address space with other running code.
 252 This can be dangerous if another thread in the parent process
 253 changes credentials (using
 254 .BR setuid (2)
 255 or similar),
 256 since there are now two processes with different privilege levels
 257 running in the same address space.
 258 As an example of the dangers,
 259 suppose that a multithreaded program running as root creates a child using
 260 .BR vfork ().
 261 After the
 262 .BR vfork (),
 263 a thread in the parent process drops the process to an unprivileged user
 264 in order to run some untrusted code
 265 (e.g., perhaps via plug-in opened with
 266 .BR dlopen (3)).
 267 In this case, attacks are possible where the parent process uses
 268 .BR mmap (2)
 269 to map in code that will be executed by the privileged child process.
 270 .\"
 271 .SS Linux notes
 272 Fork handlers established using
 273 .BR pthread_atfork (3)
 274 are not called when a multithreaded program employing
 275 the NPTL threading library calls
 276 .BR vfork ().
 277 Fork handlers are called in this case in a program using the
 278 LinuxThreads threading library.
 279 (See
 280 .BR pthreads (7)
 281 for a description of Linux threading libraries.)
 282 .PP
 283 A call to
 284 .BR vfork ()
 285 is equivalent to calling
 286 .BR clone (2)
 287 with
 288 .I flags
 289 specified as:
 290 .PP
 291      CLONE_VM | CLONE_VFORK | SIGCHLD
 292 .SS History
 293 The
 294 .BR vfork ()
 295 system call appeared in 3.0BSD.
 296 .\" In the release notes for 4.2BSD Sam Leffler wrote: `vfork: Is still
 297 .\" present, but definitely on its way out'.
 298 In 4.4BSD it was made synonymous to
 299 .BR fork (2)
 300 but NetBSD introduced it again;
 301 see
 302 .UR http://www.netbsd.org\:/Documentation\:/kernel\:/vfork.html
 303 .UE .
 304 In Linux, it has been equivalent to
 305 .BR fork (2)
 306 until 2.2.0-pre6 or so.
 307 Since 2.2.0-pre9 (on i386, somewhat later on
 308 other architectures) it is an independent system call.
 309 Support was added in glibc 2.0.112.
 310 .SH BUGS
 311 .PP
 312 Details of the signal handling are obscure and differ between systems.
 313 The BSD man page states:
 314 "To avoid a possible deadlock situation, processes that are children
 315 in the middle of a
 316 .BR vfork ()
 317 are never sent
 318 .B SIGTTOU
 319 or
 320 .B SIGTTIN
 321 signals; rather, output or
 322 .IR ioctl s
 323 are allowed and input attempts result in an end-of-file indication."
 324 .\"
 325 .\" As far as I can tell, the following is not true in 2.6.19:
 326 .\" Currently (Linux 2.3.25),
 327 .\" .BR strace (1)
 328 .\" cannot follow
 329 .\" .BR vfork ()
 330 .\" and requires a kernel patch.
 331 .SH SEE ALSO
 332 .BR clone (2),
 333 .BR execve (2),
 334 .BR _exit (2),
 335 .BR fork (2),
 336 .BR unshare (2),
 337 .BR wait (2)