系统调用之fork()用法及陷阱

Fork System Call

The fork system call is used to create a new processes. The newly created process is the child process. The process which calls fork and creates a new process is the parent process. The child and parent processes are executed concurrently.

But the child and parent processes reside on different memory spaces. These memory spaces have same content and whatever operation is performed by one process will not affect the other process.

When the child processes is created; now both the processes will have the same Program Counter (PC), so both of these processes will point to the same next instruction. The files opened by the parent process will be the same for child process.

The child process is exactly the same as its parent but there is difference in the processes ID’s:

1. The process ID of the child process is a unique process ID which is different from the ID’s of all other existing processes.
2. The Parent process ID will be the same as that of the process ID of child’s parent.

Properties of Child Process

The following are some of the properties that a child process holds:

1. The CPU counters and the resource utilizations are initialized to reset to zero.
2. When the parent process is terminated, child processes do not receive any signal because PR_SET_PDEATHSIG attribute in prctl() is reset.
3. The thread used to call fork() creates the child process. So the address of the child process will be the same as that of parent.？
4. The file descriptor of parent process is inherited by the child process. For example the offset of the file or status of flags and the I/O attributes will be shared among the file descriptors of child and parent processes. So file descriptor of parent class will refer to same file descriptor of child class.
5. The open message queue descriptors of parent process are inherited by the child process. For example if a file descriptor contains a message in parent process the same message will be present in the corresponding file descriptor of child process. So we can say that the flag values of these file descriptors are same.
6. Similarly open directory streams will be inherited by the child processes.
7. The default Timer slack value of the child class is same as the current timer slack value of parent class.？

Properties that are not inherited by Child process

The following are some of the properties that are not inherited by a child process:

1. Memory locks
2. The pending signal of a child class is empty.
3. Process associated record locks (fcntl())
4. Asynchronous I/O operations and I/O contents.
5. Directory change notifications.
6. Timers such as alarm(), setitimer() are not inherited by the child class.

fork() in C

There are no arguments in fork() and the return type of fork() is integer. You have to include the following header files when fork() is used:

#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

When working with fork(), <sys/types.h> can be used for type pid_t for processes ID’s as pid_t is defined in <sys/types.h>.

The header file <unistd.h> is where fork() is defined so you have to include it to your program to use fork().

The return type is defined in <sys/types.h> and fork() call is defined in <unistd.h>. Therefore, you need to include both in your program to use fork() system call.

Syntax of fork()

The syntax of fork() system call in Linux, Ubuntu is as follows:

pid_t fork(void);

In the syntax the return type is pid_t. When the child process is successfully created, the PID of the child process is returned in the parent process and 0 will be returned to the child process itself.

If there is any error then -1 is returned to the parent process and the child process is not created.

　　No arguments are passed to fork().

Example 1: Calling fork()

Consider the following example in which we have used the fork() system call to create a new child process:

CODE:

#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
    fork();
    printf("Using fork() system call\n");
    return ;
}

OUTPUT:

Using fork() system call
Using fork() system call

In this program, we have used fork(), this will create a new child process. When the child process is created, both the parent process and the child process will point to the next instruction (same Program Counter). In this way the remaining instructions or C statements will be executed the total number of process times, that is 2ⁿ times, where n is the number of fork() system calls.

So when the fork() call is used one time as above (2¹ = 2) we will have our output 2 times.

Here when the fork() system call is used, the internal structure will look like:

Consider the following case in which the fork() is used 4 times:

CODE:

#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
    fork();
    fork();
    fork();
    fork();
    printf("Using fork() system call");
    return ;
}

Output:

Using fork() system call
Using fork() system call
Using fork() system call
Using fork() system call
Using fork() system call
Using fork() system call
Using fork() system call
Using fork() system call
Using fork() system call
Using fork() system call
Using fork() system call
Using fork() system call
Using fork() system call
Using fork() system call
Using fork() system call
Using fork() system call

Now the total number of process created are 24 = 16 and we have our print statement executed 16 times.

Example 2: Testing if fork() was successful

In the following example we have used the decision making construct to test the value (int) returned by fork(). And the corresponding messages are displayed:

CODE:

#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
    pid_t p;
    p = fork();
    if(p==-)
    {
        printf("There is an error while calling fork()");
    }
    if(p==)
    {
        printf("We are in the child process");
    }
    else
    {
        printf("We are in the parent process");
    }
    return ;
}

OUTPUT:

We are in the parent process
We are in the child process

In the above example we have used the type pid_t which will store the return value of fork(). fork() is called on line:

p = fork();

So the integer value returned by fork() is stored in p and then p is compared to check if our fork() call was successful.

When the fork() call is used and child is created successfully, the id of child process will be returned to parent process and 0 will be returned to the child process.The ID of child process in Parent process will not be the same as the ID of child process in child process itself. In child process the ID of child process will be 0.

With this tutorial you can see how to get started with the fork system call in linux.

原文摘抄自：https://linuxhint.com/fork-system-call-linux/

How to make parent wait for all child processes to finish?

pid_t child_pid, wpid;
int status = ;

//Father code (before child processes start)

for (int id=; id<n; id++) {
    if ((child_pid = fork()) == ) {
        //child code
        exit();
    }
}

while ((wpid = wait(&status)) > ); // this way, the father waits for all the child processes 

//Father code (After all child processes end)

wait waits for a child process to terminate, and returns that child process's pid. On error (eg when there are no child processes), -1 is returned. So, basically, the code keeps waiting for child processes to finish, until the waiting errors out, and then you know they are all finished.

摘抄自：https://stackoverflow.com/questions/19461744/how-to-make-parent-wait-for-all-child-processes-to-finish

CoW (copy on write)

To save time on fork, the kernel only duplicate its mapping. For example we have 100 pages mapping for the array , the kernel will duplicate the TLB entries and change all the mapping to read only. If both processes only read, they work with shared memory but when one process try to write, it creates a page fault, the kernel trap handler copy the page and change the permission to read-write returning the program counter to the previous statement to try again.

If we measure the time of the first assignment , we will get a longer time:

        ...
    x=fork();
    if(x>){
                arr[]=; // page fault, copy page and update TLB
                arr[]=; // one memory access
        wait(&status);
        }

To test this using Ubuntu 64 bit we add a simple assembly function

#include<stdio.h>
#include <sys/types.h>
#include <sys/wait.h>

static __inline__ unsigned long long rdtsc(void)
{
    unsigned hi, lo;
    __asm__ __volatile__ ("rdtsc" : "=a"(lo), "=d"(hi));
    return ( (unsigned long long)lo)|( ((unsigned long long)hi)<< );
}

void main(void)
{
    int x,status;
    long long t1,t2,t3,t4;
    int arr[]={,,,,};
    x=fork();
    if(x>){
        t1=rdtsc();
        arr[]=;
        t2=rdtsc();
        arr[]=;
        t3=rdtsc();
        arr[]=;
        t4=rdtsc();

        printf("t1=%lld\n",t1);
        printf("t2=%lld\n",t2);
        printf("t3=%lld\n",t3);
        printf("t4=%lld\n",t4);
        wait(&status);
    }
    else
    {
        printf("child \n");
        exit();
    }
    puts("parent only");
}

Output:

t1=
t2=
t3=
t4=

t1=
t2=
t3=
t4=

 

 

As you can see from the output , the first time we write take 3 times longer as a result of a page fault.

Fail to fork?

fork fails in some situations: if we reached the maximum user processes allowed (see ulimit -a) , out of memory, no MMU and more (see man page)

It also fails if the parent process consume more than 50% of the system memory. Let take an example:

void main(void)
{
int x,status;
int arr1[];
puts("bye");
memset(arr1,,sizeof(arr1));
x=fork();
        ...
}

The program declares a 200MB array and clear it using memset to make it map to physical memory. As we saw, on fork the memory is not duplicate but the system check if we have the required free memory in case the child will write. If the system doesn’t have 200MB free, fork will fail

The above behaviour can create a strange bug in the following situation:

• The parent fill a 200MB array and fork
• On fork, the system has 250MB free – fork returns successfully
• As a result of Copy on write mechanism , the memory is not consumed
• Another process consume 200MB
• The child process access the array elements and while trying to handle the page faults the kernel crashed

Lets test it on Qemu image with 512MB:

# cat /proc/meminfo

Code Example:

#include<stdio.h>
#include <sys/types.h>
#include <sys/wait.h>

void main(void)
{
    int x,status;
    int arr1[];
    memset(arr1,,sizeof(arr1));
    x=fork();
    if(x>){
        printf("fork returned:%d\n",x);
        wait(&status);
    else
    {
        int i,r;
        for(i=;i<;i++){
            memset(arr1+i*,,);
            sleep();
            puts("mem");
        }
    }
}

 

Run this program and after fork:

 

# cat /proc/meminfo

We can see the only 200MB consumed. Now run a simple program to consume more memory:

void main(void)
{
    int x,status;
    int arr1[];
    puts("bye");
    memset(arr1,,sizeof(arr1));
    sleep();
}

 

 

and check again:

# cat /proc/meminfo

Now the child write to 4MB every 30 seconds and make a copy of the pages , when it will reach the system limit (100MB only) we will see a kernel oops:

 

app invoked oom-killer: gfp_mask=0x24200ca(GFP_HIGHUSER_MOVABLE), nodemask=, order=, oom_score_adj=
app cpuset=/ mems_allowed=
CPU:  PID:  Comm: app Not tainted 4.9. #
Hardware name: ARM-Versatile Express
[<8011196c>] (unwind_backtrace) from [<8010cf2c>] (show_stack+0x20/0x24)
[<8010cf2c>] (show_stack) from [<803d32a4>] (dump_stack+0xac/0xd8)
[<803d32a4>] (dump_stack) from [<8023da88>] (dump_header+0x8c/0x1c4)
[<8023da88>] (dump_header) from [<801ef464>] (oom_kill_process+0x3a8/0x4b0)
[<801ef464>] (oom_kill_process) from [<801ef8c0>] (out_of_memory+0x124/0x418)
[<801ef8c0>] (out_of_memory) from [<801f48b4>] (__alloc_pages_nodemask+0xd6c/0xe0c)
[<801f48b4>] (__alloc_pages_nodemask) from [<>] (wp_page_copy+0x78/0x580)
[<>] (wp_page_copy) from [<8021a630>] (do_wp_page+0x148/0x670)
[<8021a630>] (do_wp_page) from [<8021cdd8>] (handle_mm_fault+0x33c/0xb00)
[<8021cdd8>] (handle_mm_fault) from [<>] (do_page_fault+0x26c/0x384)
[<>] (do_page_fault) from [<>] (do_DataAbort+0x48/0xc4)
[<>] (do_DataAbort) from [<8010dec4>] (__dabt_usr+0x44/0x60)
Exception stack(0x9ecc3fb0 to 0x9ecc3ff8)
3fa0:                                     77aaa7f8  0007c0f0 77dff000
3fc0:   000084a0    2b095000 7e94ad04
3fe0:  722ed8f8  2b13c158  ffffffff
Mem-Info:
active_anon: inactive_anon: isolated_anon:
active_file: inactive_file: isolated_file:
unevictable: dirty: writeback: unstable:
slab_reclaimable: slab_unreclaimable:
mapped: shmem: pagetables: bounce:
free: free_pcp: free_cma:
Node  active_anon:499920kB inactive_anon:8kB active_file:92kB inactive_file:124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:184kB dirty:0kB writeback:0kB shmem:32kB writeback_tmp:0kB unstable:0kB pages_scanned: all_unreclaimable? no
Normal free:2852kB min:2856kB low:3568kB high:4280kB active_anon:499920kB inactive_anon:8kB active_file:92kB inactive_file:124kB unevictable:0kB writepending:0kB present:524288kB managed:510824kB mlocked:0kB slab_reclaimable:1828kB slab_unreclaimable:2392kB kernel_stack:344kB pagetables:1292kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB
lowmem_reserve[]:
Normal: *4kB (UE) *8kB (UME) *16kB (UME) *32kB (U) *64kB (UM) *128kB (UM) *256kB (M) *512kB *1024kB *2048kB (U) *4096kB = 2852kB
 total pagecache pages
 pages in swap cache
Swap cache stats: add , delete , find /
Free swap  = 0kB
Total swap = 0kB
 pages RAM
 pages HighMem/MovableOnly
 pages reserved
 pages cma reserved
[ pid ]   uid  tgid total_vm      rss nr_ptes nr_pmds swapents oom_score_adj name
[  ]                                                          syslogd
[  ]                                                          klogd
[  ]                                                         sh
[  ]                                                  app
[  ]                                                  app
[  ]                                                  eat
Out of memory: Kill process  (app) score  or sacrifice child
Killed process  (app) total-vm:204744kB, anon-rss:203180kB, file-rss:72kB, shmem-rss:0kB
oom_reaper: reaped process  (app), now anon-rss:4kB, file-rss:0kB, shmem-rss:0kB

We can see the oops generated on a page fault (do_page_fault)

To avoid such cases we need to pre fault the array (read and write its content at least one element per page) immediately after fork.

Files are not duplicated on fork

It is important to understand that file descriptor object are not duplicated on fork. In this way we can share resources between the child and the parent. All the anonymous objects (pipes, shared memory, etc.) can only be shared using the file descriptor. One way (the easy way) is declaring the resource before forking and the other way is sending the file descriptor using unix domain socket. If we open a regular file the child and the parent are using the same kernel object i.e. position, flags, permission and more are shared:

Example:

#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <fcntl.h>

void main(void)
{
    int x,status,fd;
    fd=open("./syslog1",O_RDWR);
    x=fork();
    if(x>){
        char buf[];
        read(fd,buf,);
        buf[]='\0';
        puts(buf);
        wait(&status);
    }
    else
    {
        char buf[];
        sleep();
        read(fd,buf,);
        buf[]='\0';
        puts(buf);
        exit();
    }
}

 

We open a file, read 29 chars on the parent and 29 chars on the child, the parent update the position so the child is reading where the parent ended:

Output:

 

Dec  :: developer-vir
tual-machine rsyslogd: [origi

Parent-child with different code

Sometimes we need 2 processes with parent and child relation (to send signals or share resource) but they have completely different code. In a wireless router for example we have a routing control process and a web server. We want the web server process to send a signal to the router control every time the configuration changes. We can use fork with execve to implement it:

For example: 2 processes using pipe for communication:

Parent app:

#include<stdio.h>
#include<unistd.h>
#include<stdlib.h>

int main(int argc,char *argv[])
{
    char buf[]="hello";
    int fd,i=;
    fd = atoi(argv[]);
    puts("parent started:");
    while()
    {
        i++;
        sprintf(buf,"hello:%d",i);
        write(fd,buf,);
        sleep();
    }
    return ;
}

 

Compile it and call the executable parent_app

Child app:

#include<stdio.h>
#include<unistd.h>
#include<stdlib.h>

int main(int argc,char *argv[])
{
    char buf[];
    int fd;
    puts("child started");
    fd = atoi(argv[]);
    while()
    {
        read(fd,buf,);
        puts(buf);
    }
    return ;
}

 

compile it and call it child_app

Now write the code to connect them:

#include<stdio.h>
#include<unistd.h>

int main()
{
    int arr[];
    char argv[];
    pipe(arr);
    if(fork())
    {
        puts("starting parent");
        close(arr[]);
        sprintf(argv,"%d",arr[]);
        execlp("./parent_app",argv,NULL);
    }
    else
    {
        puts("starting child");
        close(arr[]);
        sprintf(argv,"%d",arr[]);
        execlp("./child_app",argv,NULL);
    }
    return ;
}

 关于 execlp用法：https://stackoverflow.com/questions/21558937/i-do-not-understand-how-execlp-works-in-linux

 

compile and run it (placing the previous executables in the same directory)

We create a pipe, on the parent we close the read fd and move the write fd as a parameter to the main , on the child we do the opposite

Note that in this design if we want to change the communication type to use unix domain socket (or any other object base on file descriptor) we only need to change and compile the last program.

上述章节摘抄自：https://devarea.com/linux-fork-system-call-and-its-pitfalls/