Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp5114770yba;
        Tue, 30 Apr 2019 09:21:20 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwbNy9tHtntT9E35alcPu3wUd1bnrqoeRBrWPaZ3GzZg5/y8UbqsiQXJvhmIEGrEYN5sRma
X-Received: by 2002:aa7:8190:: with SMTP id g16mr25812201pfi.92.1556641280657;
        Tue, 30 Apr 2019 09:21:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1556641280; cv=none;
        d=google.com; s=arc-20160816;
        b=Nln7yvxC5iLulS3MIMgq1ye7AMeotbahyGwRtoXUwqhnHj1AeziXvJanxeNzQ+nuQ5
         s+nPSMjUcMsAZOjHGDqX4mKvpUHtBo2G+2A/lhbON7vHS8J5CMe6zXw78pQtAvuK1rwG
         xXrzuPFoMIRuJ4hyZpBwiHQolmNvnxghLvDqhFQ1Yc/fKwjixllylB7UxV7cNxSVjQSO
         H4n8TcfqptXAShIbWzYBW+6Sj+/jwgNwnYSL2+O1cQkFcsbaZUDkEO9XVf97LQdZkEjk
         baTkufsI8HrUUj8dklROVtNv/xNHUv/zaVfFldtMFnqUoOm6Z3RuwpZg21EvOND4vMxF
         mheA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=I0mkWPXxdneoX6ZtNfTUi9Tvo+w8cp5wN8Xc0PEQw60=;
        b=NPHuqWe59rfjICZb7v20TNXbtTkXeDYWBZcWf24o+uJHf9f5Vql65a+apZ1EjoKuYh
         34JVG/6wDlqyUEebnWRo07EvOuWWZ6tsZJT1weXFkj3CF/vB6QPu1NnaXjM4vHjf9YK+
         p6LdAdhDkCXASC8+WChUhHWSzhU96ptyl39att9ghDQdpRTV5HYuBDOJ/Ors+79pgKi8
         hdIzMViZOD11I+AgLe7iW6iKdOX0VkzaBzyOL0nanIuFfCdH3cp/lwoX4tJV27osmoB3
         eYpA9xnICyLJWEDcaOafBOhd2tsECZcT9RwG/Ck65AUimj66Lyx5WP2U/3HI2XHVH5Ld
         jDSg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=EbjP++XK;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e35si39188291plb.38.2019.04.30.09.21.03;
        Tue, 30 Apr 2019 09:21:20 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=EbjP++XK;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726209AbfD3QTc (ORCPT <rfc822;1990.zhangzhen@gmail.com>
        + 99 others); Tue, 30 Apr 2019 12:19:32 -0400
Received: from mail-lf1-f67.google.com ([209.85.167.67]:36840 "EHLO
        mail-lf1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725976AbfD3QTc (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 30 Apr 2019 12:19:32 -0400
Received: by mail-lf1-f67.google.com with SMTP id u17so11360072lfi.3
        for <linux-kernel@vger.kernel.org>; Tue, 30 Apr 2019 09:19:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=I0mkWPXxdneoX6ZtNfTUi9Tvo+w8cp5wN8Xc0PEQw60=;
        b=EbjP++XKgHxEkneKGZLizrtbM/P7rph4iLyi00CwA3AQOQ0XrmvNGA7c0yA2ueK8Uz
         mygblbiGSrjljLAhCMoYE5sU13o9Bt+rMjweu0Grl3dyGako9+M+H/dusOy0YkCu4M0r
         3R5BK1XDGR+K6UwjSp6+/jpIH7TevLCGc14QE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=I0mkWPXxdneoX6ZtNfTUi9Tvo+w8cp5wN8Xc0PEQw60=;
        b=kKO64+hiTqueQTTUq2/jI3ZUdfRCifbfkOk5LOyx94MgwdnWxPpVAYZstM02FTF/Tz
         y+dUo4FY0rGT150MFwqDJWFXEcB7AmyHCkDGUs9/GZOfa8g1Ux6rmv0mQFfN6jn6WI5U
         F9TymNuPnOU8cXrp4JICDS/1WlVFdTQM0QWkvdbr9GPvrUAp6wUfnQGmOrmwOVNMFgmz
         2Q8M37OxiJWNtCSte/fSCxQszxEF09q/PIGGOFKtgykB4fFsAlHranbXbEO3V/6q9hHZ
         +dQc5QUc5uD7400XwMzm/XUu3drU9OPvo4veh6AG1PW8pK0hsc0AQTnjvNGZm3lWnpZo
         GNDw==
X-Gm-Message-State: APjAAAUBFc8jFQV2GOiUtXRvqr4Koi2p/wt+gwuMCBVxOwebcKwISJku
        DWcp5iWPm5l8wYkKZDznCEjKL7w8Wug=
X-Received: by 2002:a19:f24c:: with SMTP id d12mr36292500lfk.163.1556641169781;
        Tue, 30 Apr 2019 09:19:29 -0700 (PDT)
Received: from mail-lj1-f175.google.com (mail-lj1-f175.google.com. [209.85.208.175])
        by smtp.gmail.com with ESMTPSA id p19sm8014395lfc.48.2019.04.30.09.19.26
        for <linux-kernel@vger.kernel.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 30 Apr 2019 09:19:27 -0700 (PDT)
Received: by mail-lj1-f175.google.com with SMTP id h21so13323955ljk.13
        for <linux-kernel@vger.kernel.org>; Tue, 30 Apr 2019 09:19:26 -0700 (PDT)
X-Received: by 2002:a2e:5dd2:: with SMTP id v79mr37367875lje.22.1556641166346;
 Tue, 30 Apr 2019 09:19:26 -0700 (PDT)
MIME-Version: 1.0
References: <20190414201436.19502-1-christian@brauner.io> <dc05ffe3-c2ff-8b3e-d181-e0cc620bf91d@metux.net>
 <20190415195911.z7b7miwsj67ha54y@yavin> <CALCETrWxMnaPvwicqkMLswMynWvJVteazD-bFv3ZnBKWp-1joQ@mail.gmail.com>
 <20190420071406.GA22257@ip-172-31-15-78> <CAG48ez0gG4bd-t1wdR2p6-N2FjWbCqm_+ZThKfF7yKnD=KLqAQ@mail.gmail.com>
 <CAG48ez15bf1EJB0XTJsGFpvf8r5pj9+rv1axKVr13H1NW7ARZw@mail.gmail.com>
 <CAHk-=wi_N81mKYFz33ycoWiL7_tGbZBMJOsAs16inYzSza+OEw@mail.gmail.com>
 <CAG48ez1CV54c1xZ9s26ym=9avkihiNi=ppW-CWA1-qrCpYdc1A@mail.gmail.com>
 <CAHk-=wg73au-kvOwWpPDY+rXrz8O5gwrcPiw1FZx-Qr2PqpRFg@mail.gmail.com> <87r29jaoov.fsf@oldenburg2.str.redhat.com>
In-Reply-To: <87r29jaoov.fsf@oldenburg2.str.redhat.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Tue, 30 Apr 2019 09:19:10 -0700
X-Gmail-Original-Message-ID: <CAHk-=wiM8VQ_Ny6Y=fTqE9Aq1LuDdU5bKfnXPyYXU1bi7GtU4w@mail.gmail.com>
Message-ID: <CAHk-=wiM8VQ_Ny6Y=fTqE9Aq1LuDdU5bKfnXPyYXU1bi7GtU4w@mail.gmail.com>
Subject: Re: RFC: on adding new CLONE_* flags [WAS Re: [PATCH 0/4] clone: add CLONE_PIDFD]
To:     Florian Weimer <fweimer@redhat.com>
Cc:     Jann Horn <jannh@google.com>, Kevin Easton <kevin@guarana.org>,
        Andy Lutomirski <luto@kernel.org>,
        Christian Brauner <christian@brauner.io>,
        Aleksa Sarai <cyphar@cyphar.com>,
        "Enrico Weigelt, metux IT consult" <lkml@metux.net>,
        Al Viro <viro@zeniv.linux.org.uk>,
        David Howells <dhowells@redhat.com>,
        Linux API <linux-api@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Arnd Bergmann <arnd@arndb.de>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Kees Cook <keescook@chromium.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Michael Kerrisk <mtk.manpages@gmail.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Oleg Nesterov <oleg@redhat.com>,
        Joel Fernandes <joel@joelfernandes.org>,
        Daniel Colascione <dancol@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 30, 2019 at 1:21 AM Florian Weimer <fweimer@redhat.com> wrote:
>
> > (In fact, if I recall correctly, the _reason_ we have an explicit
> > 'vfork()' entry point rather than using clone() with magic parameters
> > was that the lack of arguments meant that you didn't have to
> > save/restore any registers in user space, which made the whole stack
> > issue simpler. But it's been two decades, so my memory is bitrotting).
>
> That's an interesting point.  Using a callback-style interface avoids
> that because you never need to restore the registers in the new
> subprocess.  It's still appropriate to use an assembler implementation,
> I think, because it will be more obviously correct.

I agree that a callback interface would have been a whole lot more
obvious and less prone to subtle problems.

But if you want vfork() because the programs you want to build use it,
that's the interface you need..

Of course, if you *don't* need the exact vfork() semantics, clone
itself actually very much supports a callback model with s separate
stack. You can basically do this:

 - allocate new stack for the child
 - in trivial asm wrapper, do:
    - push the callback address on the child stack
    - clone(CLONE_VFORK|CLONE_VM|CLONE_SIGCHLD, chld_stack, NULL, NULL,NULL)
    - "ret"
 - free new stack

where the "ret" in the child will just go to the callback, while the
parent (eventually) just returns from the trivial wrapper and frees
the new stack (which by definition is no longer used, since the child
has exited or execve'd.

So you can most definitely create a "vfork_with_child_callback()" with
clone, and it would arguably be a much superior interface to vfork()
anyway (maybe you'd like to pass in some arguments to the callback too
- add more stack setup for the child as needed), but it wouldn't be
the right solution for programs that just want to use the standard BSD
vfork() model.

> vfork is also more benign from a memory accounting perspective.  In some
> environments, it's not possible to call fork from a large process
> because the accounting assumes (conservatively) that the new process
> will dirty a lot of its private memory.

Indeed.

                 Linus