← Back to context

Comment by asveikau

1 day ago

I'm not talking about glibc implementation details. I'm talking about how mixing fork(2) with threads creates harmful race conditions.

The forked child has only 1 thread in its process. If the parent's threads are holding a lock or are in the middle of mutating a shared data structure, you're fucked, because those threads are no longer running in your child's copy of the address space and will not finish their work. This issue is fundamental to how threads work and what fork(2) does.

3 comments

asveikau

Reply
loeg  1 day ago

Again, you're talking about userspace now. Not kernel-imposed constraints. A userspace program is always free to deadlock itself; fork doesn't change that.

  • asveikau  20 hours ago

    Just want to come back with a simple example.

    This means if the program is multi threaded, you cannot rely on calling malloc in the child, because at the time of the fork another thread could have happened to be inside malloc doing manipulations on the global heap.

    Which means, practically speaking, "don't allocate memory between fork and exec".

    If you want to be overly literal as you have been, you can call mmap and it will give you new pages, but who is really doing that? Not the random shared library code you might want to call into. Hell, even a lot of libc calls malloc.

    Which means it's not safe to do a random library call between fork and exec.

    See where I'm going with this? That's if your program is multi threaded. If it isn't, these things are most likely fine.

  • asveikau  1 day ago

    I never said it was a kernel imposed constraint. It remains unsafe behavior, and frankly you'd be stupid to ignore it if you want to write a stable multi threaded program. In colloquial shorthand, you can't do it.

    Signal safety is not the same as this, but similar. I believe posix specifies what is signal-unsafe to be overly broad. But the unsafety isn't an illusion -- it's an emergent property from something being a bad idea given the primitives at work, there are broad categories of bugs that are easy to introduce due to the way it works. So for signals, posix declares a bunch of ill advised things to be undefined, and with good reason. This is an analogous scenario.