vfork(2)                      System Calls Manual                     vfork(2)

NAME

       vfork - create a child process and block parent

LIBRARY

       Standard C library (libc, -lc)

SYNOPSIS

       #include <unistd.h>

       pid_t vfork(void);

   Feature Test Macro Requirements for glibc (see feature_test_macros(7)):

       vfork():
           Since glibc 2.12:
               (_XOPEN_SOURCE >= 500) && ! (_POSIX_C_SOURCE >= 200809L)
                   || /* Since glibc 2.19: */ _DEFAULT_SOURCE
                   || /* glibc <= 2.19: */ _BSD_SOURCE
           Before glibc 2.12:
               _BSD_SOURCE || _XOPEN_SOURCE >= 500

DESCRIPTION

   Standard description
       (From POSIX.1) The vfork() function has the same effect as fork(2),
       except that the behavior is undefined if the process created by vfork()
       either modifies any data other than a variable of type pid_t used to
       store the return value from vfork(), or returns from the function in
       which vfork() was called, or calls any other function before
       successfully calling _exit(2) or one of the exec(3) family of functions.

   Linux description
       vfork(), just like fork(2), creates a child process of the calling
       process.  For details and return value and errors, see fork(2).

       vfork() is a special case of clone(2).  It is used to create new
       processes without copying the page tables of the parent process.  It may
       be useful in performance-sensitive applications where a child is
       created which then immediately issues an execve(2).

       vfork() differs from fork(2) in that the calling thread is suspended
       until the child terminates (either normally, by calling _exit(2), or
       abnormally, after delivery of a fatal signal), or it makes a call to
       execve(2).  Until that point, the child shares all memory with its
       parent, including the stack.  The child must not return from the current
       function or call exit(3) (which would have the effect of calling exit
       handlers established by the parent process and flushing the parent's
       stdio(3) buffers), but may call _exit(2).

       As with fork(2), the child process created by vfork() inherits copies
       of various of the caller's process attributes (e.g., file descriptors,
       signal dispositions, and current working directory); the vfork() call
       differs only in the treatment of the virtual address space, as
       described above.

       Signals sent to the parent arrive after the child releases the parent's
       memory (i.e., after the child terminates or calls execve(2)).

   Historic description
       Under Linux, fork(2) is implemented using copy-on-write pages, so the
       only penalty incurred by fork(2) is the time and memory required to
       duplicate the parent's page tables, and to create a unique task structure
       for the child.  However, in the bad old days a fork(2) would require
       making a complete copy of the caller's data space, often needlessly,
       since usually immediately afterward an exec(3) is done.  Thus, for
       greater efficiency, BSD introduced the vfork() system call, which did
       not fully copy the address space of the parent process, but borrowed
       the parent's memory and thread of control until a call to execve(2) or
       an exit occurred.  The parent process was suspended while the child was
       using its resources.  The use of vfork() was tricky: for example, not
       modifying data in the parent process depended on knowing which
       variables were held in a register.
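       The child-side rules from the Linux description, as an added example
       (not part of the man page): a hypothetical run_helper() prepares
       everything before vfork(), and the child does nothing except execve(2)
       or _exit(2).  The /bin/sh command in main() is constructed sample input.

```c
#define _DEFAULT_SOURCE   /* exposes vfork() on glibc, per SYNOPSIS */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* run_helper() is a hypothetical name used for this example only.
 * Returns the helper's exit status, 128 + signal number if it was killed
 * by a signal, 127 if execve() failed in the child, or -1 if vfork() or
 * waitpid() failed in the parent. */
int run_helper(const char *path, char *const argv[], char *const envp[])
{
    int status;
    pid_t pid = vfork();   /* the pid_t is the only data the child may touch */

    if (pid == -1)
        return -1;

    if (pid == 0) {
        /* Child: runs on the parent's memory and stack while the parent
         * thread is suspended.  No stdio, no malloc, no return from this
         * function, no exit(3): only execve(2) or _exit(2). */
        execve(path, argv, envp);
        _exit(127);        /* execve() failed; _exit() skips the parent's
                              exit handlers and stdio flush */
    }

    /* Parent: resumed once the child has called execve() or terminated. */
    while (waitpid(pid, &status, 0) == -1) {
        if (errno != EINTR)
            return -1;
    }
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    if (WIFSIGNALED(status))
        return 128 + WTERMSIG(status);
    return -1;
}

int main(void)
{
    char *const argv[] = { "sh", "-c", "exit 3", NULL };  /* constructed sample */
    char *const envp[] = { NULL };                        /* empty environment */

    printf("helper status: %d\n", run_helper("/bin/sh", argv, envp));
    return 0;
}
```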

VERSIONS

       The requirements put on vfork() by the standards are weaker than those
       put on fork(2), so an implementation where the two are synonymous is
       compliant.  In particular, the programmer cannot rely on the parent
       remaining blocked until the child either terminates or calls execve(2),
       and cannot rely on any specific behavior with respect to shared memory.

       Some consider the semantics of vfork() to be an architectural blemish,
       and the 4.2BSD man page stated: “This system call will be eliminated
       when proper system sharing mechanisms are implemented.  Users should
       not depend on the memory sharing semantics of vfork as it will, in that
       case, be made synonymous to fork.”  However, even though modern memory
       management hardware has decreased the performance difference between
       fork(2) and vfork(), there are various reasons why Linux and other
       systems have retained vfork():

       •  Some performance-critical applications require the small performance
          advantage conferred by vfork().

       •  vfork() can be implemented on systems that lack a memory-management
          unit (MMU), but fork(2) can't be implemented on such systems.
          (POSIX.1-2008 removed vfork() from the standard; the POSIX rationale
          for the posix_spawn(3) function notes that that function, which
          provides functionality equivalent to fork(2)+exec(3), is designed to
          be implementable on systems that lack an MMU.)

       •  On systems where memory is constrained, vfork() avoids the need to
          temporarily commit memory (see the description of
          /proc/sys/vm/overcommit_memory in proc(5)) in order to execute a new
          program.  (This can be especially beneficial where a large parent
          process wishes to execute a small helper program in a child process.)
          By contrast, using fork(2) in this scenario requires either
          committing an amount of memory equal to the size of the parent
          process (if strict overcommitting is in force) or overcommitting
          memory with the risk that a process is terminated by the
          out-of-memory (OOM) killer.

   Linux notes
       Fork handlers established using pthread_atfork(3) are not called when a
       multithreaded program employing the NPTL threading library calls
       vfork().  Fork handlers are called in this case in a program using the
       LinuxThreads threading library.  (See pthreads(7) for a description of
       Linux threading libraries.)

       A call to vfork() is equivalent to calling clone(2) with flags
       specified as:

            CLONE_VM | CLONE_VFORK | SIGCHLD

STANDARDS

       None.

HISTORY

       4.3BSD; POSIX.1-2001 (but marked OBSOLETE).  POSIX.1-2008 removes the
       specification of vfork().

       The vfork() system call appeared in 3.0BSD.  In 4.4BSD it was made
       synonymous to fork(2) but NetBSD introduced it again; see
       ⟨http://www.netbsd.org/Documentation/kernel/vfork.html⟩.  In Linux, it
       has been equivalent to fork(2) until Linux 2.2.0-pre6 or so.  Since
       Linux 2.2.0-pre9 (on i386, somewhat later on other architectures) it is
       an independent system call.  Support was added in glibc 2.0.112.

CAVEATS

       The child process should take care not to modify the memory in
       unintended ways, since such changes will be seen by the parent process
       once the child terminates or executes another program.  In this regard,
       signal handlers can be especially problematic: if a signal handler that
       is invoked in the child of vfork() changes memory, those changes may
       result in an inconsistent process state from the perspective of the
       parent process (e.g., memory changes would be visible in the parent, but
       changes to the state of open file descriptors would not be visible).

       When vfork() is called in a multithreaded process, only the calling
       thread is suspended until the child terminates or executes a new
       program.  This means that the child is sharing an address space with
       other running code.  This can be dangerous if another thread in the
       parent process changes credentials (using setuid(2) or similar), since
       there are now two processes with different privilege levels running in
       the same address space.  As an example of the dangers, suppose that a
       multithreaded program running as root creates a child using vfork().
       After the vfork(), a thread in the parent process drops the process to
       an unprivileged user in order to run some untrusted code (e.g., perhaps
       via plug-in opened with dlopen(3)).  In this case, attacks are possible
       where the parent process uses mmap(2) to map in code that will be
       executed by the privileged child process.

BUGS

       Details of the signal handling are obscure and differ between systems.
       The BSD man page states: "To avoid a possible deadlock situation,
       processes that are children in the middle of a vfork() are never sent
       SIGTTOU or SIGTTIN signals; rather, output or ioctls are allowed and
       input attempts result in an end-of-file indication."

SEE ALSO

       clone(2), execve(2), _exit(2), fork(2), unshare(2), wait(2)

Linux man-pages 6.05              2023-07-28                          vfork(2)