vfork(2) - f36

1VFORK(2)                   Linux Programmer's Manual                  VFORK(2)
2
3
4

NAME

6       vfork - create a child process and block parent
7

SYNOPSIS

9       #include <unistd.h>
10
11       pid_t vfork(void);
12
13   Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
14
15       vfork():
16           Since glibc 2.12:
17               (_XOPEN_SOURCE >= 500) && ! (_POSIX_C_SOURCE >= 200809L)
18                   || /* Since glibc 2.19: */ _DEFAULT_SOURCE
19                   || /* Glibc <= 2.19: */ _BSD_SOURCE
20           Before glibc 2.12:
21               _BSD_SOURCE || _XOPEN_SOURCE >= 500
22

DESCRIPTION

24   Standard description
25       (From POSIX.1) The vfork() function has the same effect as fork(2), ex‐
26       cept that the behavior is undefined if the process created  by  vfork()
27       either  modifies  any  data other than a variable of type pid_t used to
28       store the return value from vfork(), or returns from  the  function  in
29       which  vfork()  was called, or calls any other function before success‐
30       fully calling _exit(2) or one of the exec(3) family of functions.
31
32   Linux description
33       vfork(), just like fork(2), creates a  child  process  of  the  calling
34       process.  For details and return value and errors, see fork(2).
35
36       vfork()  is  a special case of clone(2).  It is used to create new pro‐
37       cesses without copying the page tables of the parent process.   It  may
38       be  useful  in performance-sensitive applications where a child is cre‐
39       ated which then immediately issues an execve(2).
40
41       vfork() differs from fork(2) in that the calling  thread  is  suspended
42       until  the  child  terminates (either normally, by calling _exit(2), or
43       abnormally, after delivery of a fatal signal), or it makes  a  call  to
44       execve(2).  Until that point, the child shares all memory with its par‐
45       ent, including the stack.  The child must not return from  the  current
46       function  or  call exit(3) (which would have the effect of calling exit
47       handlers established by the parent process and  flushing  the  parent's
48       stdio(3) buffers), but may call _exit(2).
49
50       As  with  fork(2), the child process created by vfork() inherits copies
51       of various of the caller's process attributes (e.g., file  descriptors,
52       signal  dispositions,  and current working directory); the vfork() call
53       differs only in the treatment of the  virtual  address  space,  as  de‐
54       scribed above.
55
56       Signals sent to the parent arrive after the child releases the parent's
57       memory (i.e., after the child terminates or calls execve(2)).
58
59   Historic description
60       Under Linux, fork(2) is implemented using copy-on-write pages,  so  the
61       only penalty incurred by fork(2) is the time and memory required to du‐
62       plicate the parent's page tables, and to create a unique task structure
63       for  the  child.   However, in the bad old days a fork(2) would require
64       making a complete copy of the caller's data  space,  often  needlessly,
65       since  usually  immediately  afterward  an  exec(3) is done.  Thus, for
66       greater efficiency, BSD introduced the vfork() system call,  which  did
67       not  fully  copy  the address space of the parent process, but borrowed
68       the parent's memory and thread of control until a call to execve(2)  or
69       an exit occurred.  The parent process was suspended while the child was
70       using its resources.  The use of vfork() was tricky: for  example,  not
71       modifying  data  in  the parent process depended on knowing which vari‐
72       ables were held in a register.
73

CONFORMING TO

75       4.3BSD; POSIX.1-2001 (but marked OBSOLETE).  POSIX.1-2008  removes  the
76       specification of vfork().
77
78       The  requirements put on vfork() by the standards are weaker than those
79       put on fork(2), so an implementation where the two  are  synonymous  is
80       compliant.  In particular, the programmer cannot rely on the parent re‐
81       maining blocked until the child either terminates or  calls  execve(2),
82       and cannot rely on any specific behavior with respect to shared memory.
83

NOTES

85       Some  consider the semantics of vfork() to be an architectural blemish,
86       and the 4.2BSD man page stated: "This system call  will  be  eliminated
87       when  proper  system  sharing mechanisms are implemented.  Users should
88       not depend on the memory sharing semantics of vfork() as  it  will,  in
89       that case, be made synonymous to fork(2)."  However, even though modern
90       memory management hardware has decreased the performance difference be‐
91       tween  fork(2)  and  vfork(),  there  are various reasons why Linux and
92       other systems have retained vfork():
93
94       *  Some performance-critical applications require the small performance
95          advantage conferred by vfork().
96
97       *  vfork()  can be implemented on systems that lack a memory-management
98          unit (MMU), but  fork(2)  can't  be  implemented  on  such  systems.
99          (POSIX.1-2008 removed vfork() from the standard; the POSIX rationale
100          for the posix_spawn(3) function notes that that function, which pro‐
101          vides functionality equivalent to fork(2)+exec(3), is designed to be
102          implementable on systems that lack an MMU.)
103
104       *  On systems where memory is constrained, vfork() avoids the  need  to
105          temporarily commit memory (see the description of /proc/sys/vm/over‐
106          commit_memory in proc(5)) in order to execute a new program.   (This
107          can  be especially beneficial where a large parent process wishes to
108          execute a small helper program in a child  process.)   By  contrast,
109          using  fork(2) in this scenario requires either committing an amount
110          of memory equal to the size of the parent process (if  strict  over‐
111          committing  is in force) or overcommitting memory with the risk that
112          a process is terminated by the out-of-memory (OOM) killer.
113
114   Caveats
115       The child process should take care not to modify the  memory  in  unin‐
116       tended ways, since such changes will be seen by the parent process once
117       the child terminates or executes another program.  In this regard, sig‐
118       nal handlers can be especially problematic: if a signal handler that is
119       invoked in the child of vfork() changes memory, those changes  may  re‐
120       sult  in an inconsistent process state from the perspective of the par‐
121       ent process (e.g., memory changes would be visible in the  parent,  but
122       changes to the state of open file descriptors would not be visible).
123
124       When  vfork()  is  called  in a multithreaded process, only the calling
125       thread is suspended until the child terminates or executes a  new  pro‐
126       gram.  This means that the child is sharing an address space with other
127       running code.  This can be dangerous if another thread  in  the  parent
128       process  changes  credentials (using setuid(2) or similar), since there
129       are now two processes with different privilege levels  running  in  the
130       same  address space.  As an example of the dangers, suppose that a mul‐
131       tithreaded program running as root creates a child using vfork().   Af‐
132       ter the vfork(), a thread in the parent process drops the process to an
133       unprivileged user in order to run some untrusted  code  (e.g.,  perhaps
134       via plug-in opened with dlopen(3)).  In this case, attacks are possible
135       where the parent process uses mmap(2) to map in code that will be  exe‐
136       cuted by the privileged child process.
137
138   Linux notes
139       Fork handlers established using pthread_atfork(3) are not called when a
140       multithreaded  program  employing  the  NPTL  threading  library  calls
141       vfork().   Fork handlers are called in this case in a program using the
142       LinuxThreads threading library.  (See pthreads(7) for a description  of
143       Linux threading libraries.)
144
145       A  call  to vfork() is equivalent to calling clone(2) with flags speci‐
146       fied as:
147
148            CLONE_VM | CLONE_VFORK | SIGCHLD
149
150   History
151       The vfork() system call appeared in 3.0BSD.  In 4.4BSD it was made syn‐
152       onymous    to   fork(2)   but   NetBSD   introduced   it   again;   see
153       ⟨http://www.netbsd.org/Documentation/kernel/vfork.html⟩.  In Linux,  it
154       has   been  equivalent  to  fork(2)  until  2.2.0-pre6  or  so.   Since
155       2.2.0-pre9 (on i386, somewhat later on other architectures)  it  is  an
156       independent system call.  Support was added in glibc 2.0.112.
157

BUGS

159       Details  of the signal handling are obscure and differ between systems.
160       The BSD man page states: "To avoid a possible deadlock situation,  pro‐
161       cesses  that  are  children  in  the middle of a vfork() are never sent
162       SIGTTOU or SIGTTIN signals; rather, output or ioctls  are  allowed  and
163       input attempts result in an end-of-file indication."
164

COLOPHON

169       This  page  is  part of release 5.13 of the Linux man-pages project.  A
170       description of the project, information about reporting bugs,  and  the
171       latest     version     of     this    page,    can    be    found    at
172       https://www.kernel.org/doc/man-pages/.
173
174
175
176Linux                             2021-03-22                          VFORK(2)