Section: Linux Programmer's Manual (2)
Return to Main Contents
vfork - create a child process and block parent
Feature Test Macro Requirements for glibc (see
- Since glibc 2.12:
(_XOPEN_SOURCE >= 500) && ! (_POSIX_C_SOURCE >= 200809L)
|| /* Since glibc 2.19: */ _DEFAULT_SOURCE
|| /* Glibc versions <= 2.19: */ _BSD_SOURCE
Before glibc 2.12:
_BSD_SOURCE || _XOPEN_SOURCE >= 500
function has the same effect as
except that the behavior is undefined if the process created by
either modifies any data other than a variable of type
used to store the return value from
or returns from the function in which
was called, or calls any other function before successfully calling
or one of the
family of functions.
creates a child process of the calling process.
For details and return value and errors, see
is a special case of
It is used to create new processes without copying the page tables of
the parent process.
It may be useful in performance-sensitive applications
where a child is created which then immediately issues an
in that the calling thread is suspended until the child terminates
or abnormally, after delivery of a fatal signal),
or it makes a call to
Until that point, the child shares all memory with its parent,
including the stack.
The child must not return from the current function or call
(which would have the effect of calling exit handlers
established by the parent process and flushing the parent's
buffers), but may call
the child process created by
inherits copies of various of the caller's process attributes
(e.g., file descriptors, signal dispositions, and current working directory);
call differs only in the treatment of the virtual address space,
as described above.
Signals sent to the parent
arrive after the child releases the parent's memory
(i.e., after the child terminates
is implemented using copy-on-write pages, so the only penalty incurred by
is the time and memory required to duplicate the parent's page tables,
and to create a unique task structure for the child.
However, in the bad old days a
would require making a complete copy of the caller's data space,
often needlessly, since usually immediately afterward an
Thus, for greater efficiency, BSD introduced the
system call, which did not fully copy the address space of
the parent process, but borrowed the parent's memory and thread
of control until a call to
or an exit occurred.
The parent process was suspended while the
child was using its resources.
The use of
was tricky: for example, not modifying data
in the parent process depended on knowing which variables were
held in a register.
4.3BSD; POSIX.1-2001 (but marked OBSOLETE).
POSIX.1-2008 removes the specification of
The requirements put on
by the standards are weaker than those put on
so an implementation where the two are synonymous is compliant.
In particular, the programmer cannot rely on the parent
remaining blocked until the child either terminates or calls
and cannot rely on any specific behavior with respect to shared memory.
Some consider the semantics of
to be an architectural blemish, and the 4.2BSD man page stated:
"This system call will be eliminated when proper system sharing mechanisms
Users should not depend on the memory sharing semantics of
as it will, in that case, be made synonymous to
However, even though modern memory management hardware
has decreased the performance difference between
there are various reasons why Linux and other systems have retained
Some performance-critical applications require the small performance
advantage conferred by
can be implemented on systems that lack a memory-management unit (MMU), but
can't be implemented on such systems.
from the standard; the POSIX rationale for the
function notes that that function,
which provides functionality equivalent to
is designed to be implementable on systems that lack an MMU.)
On systems where memory is constrained,
avoids the need to temporarily commit memory (see the description of
in order to execute a new program.
(This can be especially beneficial where a large parent process wishes
to execute a small helper program in a child process.)
By contrast, using
in this scenario requires either committing an amount of memory equal
to the size of the parent process (if strict overcommitting is in force)
or overcommitting memory with the risk that a process is terminated
by the out-of-memory (OOM) killer.
The child process should take care not to modify the memory in unintended ways,
since such changes will be seen by the parent process once
the child terminates or executes another program.
In this regard, signal handlers can be especially problematic:
if a signal handler that is invoked in the child of
changes memory, those changes may result in an inconsistent process state
from the perspective of the parent process
(e.g., memory changes would be visible in the parent,
but changes to the state of open file descriptors would not be visible).
is called in a multithreaded process,
only the calling thread is suspended until the child terminates
or executes a new program.
This means that the child is sharing an address space with other running code.
This can be dangerous if another thread in the parent process
changes credentials (using
since there are now two processes with different privilege levels
running in the same address space.
As an example of the dangers,
suppose that a multithreaded program running as root creates a child using
a thread in the parent process drops the process to an unprivileged user
in order to run some untrusted code
(e.g., perhaps via plug-in opened with
In this case, attacks are possible where the parent process uses
to map in code that will be executed by the privileged child process.
Fork handlers established using
are not called when a multithreaded program employing
the NPTL threading library calls
Fork handlers are called in this case in a program using the
LinuxThreads threading library.
for a description of Linux threading libraries.)
A call to
is equivalent to calling
CLONE_VM | CLONE_VFORK | SIGCHLD
system call appeared in 3.0BSD.
In 4.4BSD it was made synonymous to
but NetBSD introduced it again;
In Linux, it has been equivalent to
until 2.2.0-pre6 or so.
Since 2.2.0-pre9 (on i386, somewhat later on
other architectures) it is an independent system call.
Support was added in glibc 2.0.112.
Details of the signal handling are obscure and differ between systems.
The BSD man page states:
"To avoid a possible deadlock situation, processes that are children
in the middle of a
are never sent
signals; rather, output or
are allowed and input attempts result in an end-of-file indication."
This page is part of release 4.15 of the Linux
A description of the project,
information about reporting bugs,
and the latest version of this page,
can be found at
- Standard description
- Linux description
- Historic description
- CONFORMING TO
- Linux notes
- SEE ALSO
This document was created by
using the manual pages.
Time: 16:32:26 GMT, September 22, 2018