bionic (2) vfork.2.gz

Provided by: manpages-dev_4.15-1_all bug

NAME

       vfork - create a child process and block parent

SYNOPSIS

       #include <sys/types.h>
       #include <unistd.h>

       pid_t vfork(void);

   Feature Test Macro Requirements for glibc (see feature_test_macros(7)):

       vfork():
           Since glibc 2.12:
               (_XOPEN_SOURCE >= 500) && ! (_POSIX_C_SOURCE >= 200809L)
                   || /* Since glibc 2.19: */ _DEFAULT_SOURCE
                   || /* Glibc versions <= 2.19: */ _BSD_SOURCE
           Before glibc 2.12:
               _BSD_SOURCE || _XOPEN_SOURCE >= 500

DESCRIPTION

   Standard description
       (From POSIX.1) The vfork() function has the same effect as fork(2), except that the behavior is undefined
       if the process created by vfork() either modifies any data other than a variable of type  pid_t  used  to
       store  the  return value from vfork(), or returns from the function in which vfork() was called, or calls
       any other function before successfully calling _exit(2) or one of the exec(3) family of functions.

   Linux description
       vfork(), just like fork(2), creates a child process of the calling process.  For details and return value
       and errors, see fork(2).

       vfork()  is  a  special  case  of  clone(2).  It is used to create new processes without copying the page
       tables of the parent process.  It may be useful in performance-sensitive applications where  a  child  is
       created which then immediately issues an execve(2).

       vfork()  differs  from fork(2) in that the calling thread is suspended until the child terminates (either
       normally, by calling _exit(2), or abnormally, after delivery of a fatal signal), or it makes  a  call  to
       execve(2).   Until  that  point,  the  child shares all memory with its parent, including the stack.  The
       child must not return from the current function or call exit(3) (which would have the effect  of  calling
       exit handlers established by the parent process and flushing the parent's stdio(3) buffers), but may call
       _exit(2).

       As with fork(2), the child process created by vfork() inherits copies of various of the caller's  process
       attributes (e.g., file descriptors, signal dispositions, and current working directory); the vfork() call
       differs only in the treatment of the virtual address space, as described above.

       Signals sent to the parent arrive after the child releases the parent's memory  (i.e.,  after  the  child
       terminates or calls execve(2)).

   Historic description
       Under Linux, fork(2) is implemented using copy-on-write pages, so the only penalty incurred by fork(2) is
       the time and memory required to duplicate the parent's page tables, and to create a unique task structure
       for  the  child.   However,  in  the  bad  old days a fork(2) would require making a complete copy of the
       caller's data space, often needlessly, since usually immediately afterward an exec(3) is done.  Thus, for
       greater efficiency, BSD introduced the vfork() system call, which did not fully copy the address space of
       the parent process, but borrowed the parent's memory and thread of control until a call to  execve(2)  or
       an  exit occurred.  The parent process was suspended while the child was using its resources.  The use of
       vfork() was tricky: for example, not modifying data in the  parent  process  depended  on  knowing  which
       variables were held in a register.

CONFORMING TO

       4.3BSD; POSIX.1-2001 (but marked OBSOLETE).  POSIX.1-2008 removes the specification of vfork().

       The  requirements  put  on  vfork()  by  the  standards  are  weaker  than  those  put  on fork(2), so an
       implementation where the two are synonymous is compliant.  In particular, the programmer cannot  rely  on
       the parent remaining blocked until the child either terminates or calls execve(2), and cannot rely on any
       specific behavior with respect to shared memory.

NOTES

       Some consider the semantics of vfork() to be an architectural blemish, and the 4.2BSD  man  page  stated:
       "This system call will be eliminated when proper system sharing mechanisms are implemented.  Users should
       not depend on the memory sharing semantics of vfork() as it will, in that case,  be  made  synonymous  to
       fork(2)."   However,  even  though  modern  memory  management  hardware  has  decreased  the performance
       difference between fork(2) and vfork(), there are various  reasons  why  Linux  and  other  systems  have
       retained vfork():

       *  Some performance-critical applications require the small performance advantage conferred by vfork().

       *  vfork()  can  be implemented on systems that lack a memory-management unit (MMU), but fork(2) can't be
          implemented on such systems.  (POSIX.1-2008 removed vfork() from the standard; the POSIX rationale for
          the  posix_spawn(3)  function  notes  that  that  function, which provides functionality equivalent to
          fork(2)+exec(3), is designed to be implementable on systems that lack an MMU.)

       *  On systems where memory is constrained, vfork() avoids the need to temporarily commit memory (see  the
          description  of  /proc/sys/vm/overcommit_memory  in proc(5)) in order to execute a new program.  (This
          can be especially beneficial where a large parent process wishes to execute a small helper program  in
          a child process.)  By contrast, using fork(2) in this scenario requires either committing an amount of
          memory equal  to  the  size  of  the  parent  process  (if  strict  overcommitting  is  in  force)  or
          overcommitting memory with the risk that a process is terminated by the out-of-memory (OOM) killer.

   Caveats
       The  child  process should take care not to modify the memory in unintended ways, since such changes will
       be seen by the parent process once the child terminates or executes another  program.   In  this  regard,
       signal  handlers  can  be  especially  problematic:  if  a signal handler that is invoked in the child of
       vfork() changes memory, those changes may result in an inconsistent process state from the perspective of
       the parent process (e.g., memory changes would be visible in the parent, but changes to the state of open
       file descriptors would not be visible).

       When vfork() is called in a multithreaded process, only the calling thread is suspended until  the  child
       terminates  or  executes a new program.  This means that the child is sharing an address space with other
       running code.  This can be dangerous if another thread in the parent process changes  credentials  (using
       setuid(2)  or  similar), since there are now two processes with different privilege levels running in the
       same address space.  As an example of the dangers, suppose that a multithreaded program running  as  root
       creates a child using vfork().  After the vfork(), a thread in the parent process drops the process to an
       unprivileged user in order to run some untrusted code (e.g., perhaps via plug-in opened with  dlopen(3)).
       In  this  case,  attacks  are  possible where the parent process uses mmap(2) to map in code that will be
       executed by the privileged child process.

   Linux notes
       Fork handlers established using pthread_atfork(3) are not called when a multithreaded  program  employing
       the  NPTL  threading library calls vfork().  Fork handlers are called in this case in a program using the
       LinuxThreads threading library.  (See pthreads(7) for a description of Linux threading libraries.)

       A call to vfork() is equivalent to calling clone(2) with flags specified as:

            CLONE_VM | CLONE_VFORK | SIGCHLD

   History
       The vfork() system call appeared in 3.0BSD.  In 4.4BSD it was  made  synonymous  to  fork(2)  but  NetBSD
       introduced  it again; see ⟨http://www.netbsd.org/Documentation/kernel/vfork.html⟩.  In Linux, it has been
       equivalent to fork(2) until 2.2.0-pre6 or so.   Since  2.2.0-pre9  (on  i386,  somewhat  later  on  other
       architectures) it is an independent system call.  Support was added in glibc 2.0.112.

BUGS

       Details  of  the  signal  handling  are obscure and differ between systems.  The BSD man page states: "To
       avoid a possible deadlock situation, processes that are children in the middle of  a  vfork()  are  never
       sent  SIGTTOU  or  SIGTTIN  signals; rather, output or ioctls are allowed and input attempts result in an
       end-of-file indication."

SEE ALSO

       clone(2), execve(2), _exit(2), fork(2), unshare(2), wait(2)

COLOPHON

       This page is part of release 4.15 of  the  Linux  man-pages  project.   A  description  of  the  project,
       information   about   reporting   bugs,   and   the  latest  version  of  this  page,  can  be  found  at
       https://www.kernel.org/doc/man-pages/.