VFORK(2)                  Linux Programmer's Manual                 VFORK(2)

NAME
vfork - create a child process and block parent

SYNOPSIS
#include <sys/types.h>
#include <unistd.h>

pid_t vfork(void);

Feature Test Macro Requirements for glibc (see feature_test_macros(7)):

vfork():
    Since glibc 2.12:
        (_XOPEN_SOURCE >= 500) && ! (_POSIX_C_SOURCE >= 200809L)
            || /* Since glibc 2.19: */ _DEFAULT_SOURCE
            || /* Glibc versions <= 2.19: */ _BSD_SOURCE
    Before glibc 2.12:
        _BSD_SOURCE || _XOPEN_SOURCE >= 500

DESCRIPTION
Standard description
(From POSIX.1) The vfork() function has the same effect as fork(2),
except that the behavior is undefined if the process created by vfork()
either modifies any data other than a variable of type pid_t used to
store the return value from vfork(), or returns from the function in
which vfork() was called, or calls any other function before
successfully calling _exit(2) or one of the exec(3) family of functions.

Linux description
vfork(), just like fork(2), creates a child process of the calling
process. For details, return value, and errors, see fork(2).

vfork() is a special case of clone(2). It is used to create new
processes without copying the page tables of the parent process. It may
be useful in performance-sensitive applications where a child is
created which then immediately issues an execve(2).

vfork() differs from fork(2) in that the calling thread is suspended
until the child terminates (either normally, by calling _exit(2), or
abnormally, after delivery of a fatal signal), or it makes a call to
execve(2). Until that point, the child shares all memory with its
parent, including the stack. The child must not return from the current
function or call exit(3) (which would have the effect of calling exit
handlers established by the parent process and flushing the parent's
stdio(3) buffers), but may call _exit(2).

As with fork(2), the child process created by vfork() inherits copies
of various of the caller's process attributes (e.g., file descriptors,
signal dispositions, and current working directory); the vfork() call
differs only in the treatment of the virtual address space, as
described above.

Signals sent to the parent arrive after the child releases the parent's
memory (i.e., after the child terminates or calls execve(2)).

Historic description
Under Linux, fork(2) is implemented using copy-on-write pages, so the
only penalty incurred by fork(2) is the time and memory required to
duplicate the parent's page tables, and to create a unique task
structure for the child. However, in the bad old days a fork(2) would
require making a complete copy of the caller's data space, often
needlessly, since usually immediately afterward an exec(3) is done. Thus,
for greater efficiency, BSD introduced the vfork() system call, which
did not fully copy the address space of the parent process, but
borrowed the parent's memory and thread of control until a call to
execve(2) or an exit occurred. The parent process was suspended while
the child was using its resources. The use of vfork() was tricky: for
example, not modifying data in the parent process depended on knowing
which variables were held in a register.

CONFORMING TO
4.3BSD; POSIX.1-2001 (but marked OBSOLETE). POSIX.1-2008 removes the
specification of vfork().

The requirements put on vfork() by the standards are weaker than those
put on fork(2), so an implementation where the two are synonymous is
compliant. In particular, the programmer cannot rely on the parent
remaining blocked until the child either terminates or calls execve(2),
and cannot rely on any specific behavior with respect to shared memory.

NOTES
Some consider the semantics of vfork() to be an architectural blemish,
and the 4.2BSD man page stated: "This system call will be eliminated
when proper system sharing mechanisms are implemented. Users should
not depend on the memory sharing semantics of vfork() as it will, in
that case, be made synonymous to fork(2)." However, even though modern
memory management hardware has decreased the performance difference
between fork(2) and vfork(), there are various reasons why Linux and
other systems have retained vfork():

* Some performance-critical applications require the small performance
  advantage conferred by vfork().

* vfork() can be implemented on systems that lack a memory-management
  unit (MMU), but fork(2) can't be implemented on such systems.
  (POSIX.1-2008 removed vfork() from the standard; the POSIX rationale
  for the posix_spawn(3) function notes that that function, which
  provides functionality equivalent to fork(2)+exec(3), is designed to be
  implementable on systems that lack an MMU.)

* On systems where memory is constrained, vfork() avoids the need to
  temporarily commit memory (see the description of
  /proc/sys/vm/overcommit_memory in proc(5)) in order to execute a new
  program. (This can be especially beneficial where a large parent
  process wishes to execute a small helper program in a child process.)
  By contrast, using fork(2) in this scenario requires either committing
  an amount of memory equal to the size of the parent process (if strict
  overcommitting is in force) or overcommitting memory with the risk that
  a process is terminated by the out-of-memory (OOM) killer.

Caveats
The child process should take care not to modify the memory in
unintended ways, since such changes will be seen by the parent process
once the child terminates or executes another program. In this regard,
signal handlers can be especially problematic: if a signal handler that
is invoked in the child of vfork() changes memory, those changes may
result in an inconsistent process state from the perspective of the
parent process (e.g., memory changes would be visible in the parent,
but changes to the state of open file descriptors would not be
visible).

When vfork() is called in a multithreaded process, only the calling
thread is suspended until the child terminates or executes a new
program. This means that the child is sharing an address space with other
running code. This can be dangerous if another thread in the parent
process changes credentials (using setuid(2) or similar), since there
are now two processes with different privilege levels running in the
same address space. As an example of the dangers, suppose that a
multithreaded program running as root creates a child using vfork().
After the vfork(), a thread in the parent process drops the process to
an unprivileged user in order to run some untrusted code (e.g., perhaps
via a plug-in opened with dlopen(3)). In this case, attacks are possible
where the parent process uses mmap(2) to map in code that will be
executed by the privileged child process.
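
The rules from the Linux description and the signal-handler caveat above, combined in one added example that is not part of the man page. vfork_run() is a hypothetical helper name; it assumes a single-threaded caller on Linux and relies on the Linux memory-sharing behavior (the child stores one int and calls sigaction(2) and sigprocmask(2) before execve(2)), which POSIX.1 leaves undefined.

```c
#define _DEFAULT_SOURCE 1       /* exposes vfork() and NSIG on glibc */
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* vfork_run(): hypothetical helper, not a libc API. Runs path with
 * argv/envp and returns the wait status, or -1 with errno set when
 * vfork() or execve() failed. Assumes a single-threaded caller. */
int vfork_run(const char *path, char *const argv[], char *const envp[])
{
    volatile int exec_errno = 0;  /* child writes, parent reads: shared stack */
    sigset_t all, saved;
    struct sigaction act;
    int status = -1, err;

    /* Block every signal so that no handler installed by the parent can
     * run in the child while it still borrows the parent's memory. */
    sigfillset(&all);
    sigprocmask(SIG_SETMASK, &all, &saved);

    pid_t pid = vfork();
    if (pid == 0) {
        /* Child. Dispositions and mask are per-process, so changing them
         * here leaves the parent alone. Caught signals go back to the
         * default before the mask is restored for the new program. */
        for (int sig = 1; sig < NSIG; sig++) {
            if (sigaction(sig, NULL, &act) != 0 || act.sa_handler == SIG_IGN)
                continue;         /* ignored signals stay ignored across exec */
            act.sa_handler = SIG_DFL;
            act.sa_flags = 0;
            sigaction(sig, &act, NULL);   /* EINVAL for SIGKILL/SIGSTOP is fine */
        }
        sigprocmask(SIG_SETMASK, &saved, NULL);
        execve(path, argv, envp);
        exec_errno = errno;       /* only reached when execve() failed */
        _exit(127);               /* never exit(3), never return */
    }
    err = errno;                  /* vfork() error, if any */
    sigprocmask(SIG_SETMASK, &saved, NULL);
    if (pid < 0) { errno = err; return -1; }
    while (waitpid(pid, &status, 0) < 0 && errno == EINTR)
        ;                         /* retry if a handler interrupted the wait */
    if (exec_errno != 0) { errno = exec_errno; return -1; }
    return status;
}
```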

Linux notes
Fork handlers established using pthread_atfork(3) are not called when a
multithreaded program employing the NPTL threading library calls
vfork(). Fork handlers are called in this case in a program using the
LinuxThreads threading library. (See pthreads(7) for a description of
Linux threading libraries.)

A call to vfork() is equivalent to calling clone(2) with flags
specified as:

    CLONE_VM | CLONE_VFORK | SIGCHLD

History
The vfork() system call appeared in 3.0BSD. In 4.4BSD it was made
synonymous to fork(2) but NetBSD introduced it again; see
⟨http://www.netbsd.org/Documentation/kernel/vfork.html⟩. In Linux, it
was equivalent to fork(2) until 2.2.0-pre6 or so. Since
2.2.0-pre9 (on i386, somewhat later on other architectures) it is an
independent system call. Support was added in glibc 2.0.112.

BUGS
Details of the signal handling are obscure and differ between systems.
The BSD man page states: "To avoid a possible deadlock situation,
processes that are children in the middle of a vfork() are never sent
SIGTTOU or SIGTTIN signals; rather, output or ioctls are allowed and
input attempts result in an end-of-file indication."

SEE ALSO
clone(2), execve(2), _exit(2), fork(2), unshare(2), wait(2)

COLOPHON
This page is part of release 4.15 of the Linux man-pages project. A
description of the project, information about reporting bugs, and the
latest version of this page, can be found at
https://www.kernel.org/doc/man-pages/.

Linux                            2017-09-15                         VFORK(2)