Failure to launch external commands due to race condition in 'posix_spawn' usage

[aweeraman]

There has been a bug report of an exec format error when executing "cat TODO | while read line; do ls; done".

Ref:

• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965072
• https://bugs.launchpad.net/ubuntu/+source/ksh/+bug/1887863

I was able to reproduce this issue on 93u+m 2020-07-14 and it appears to be an issue at least since 93u+ 2012-08-01.

$ cat TODO
1
2
$ cat TODO | while read line; do ls; done
ls: ls: cannot execute [Exec format error]
ls: ls: cannot execute [Exec format error]

Tagging @chrisbertin and @mirabilos - reporters of the issue.

[posguy99]

Can't reproduce it here on macOS 10.14.6..

[02:28 PM][ttys001][~/ksh-test]
[34] iMac $ echo $KSH_VERSION
Version AJM 93u+m 2020-07-16
[02:29 PM][ttys001][~/ksh-test]
[35] iMac $ cat TODO
1
2
[02:29 PM][ttys001][~/ksh-test]
[36] iMac $ cat TODO | while read line; do ls; done
TODO
TODO
[02:29 PM][ttys001][~/ksh-test]
[37] iMac $ /bin/ksh
[02:29 PM][ttys001][~/ksh-test]
[38] iMac $ echo $KSH_VERSION
Version AJM 93u+ 2012-08-01
[02:29 PM][ttys001][~/ksh-test]
[39] iMac $ cat TODO
1
2
[02:29 PM][ttys001][~/ksh-test]
[40] iMac $ cat TODO | while read line; do ls; done
TODO
TODO
[02:29 PM][ttys001][~/ksh-test]
[41] iMac $ 

The slightly different test in the Ubuntu bug doesn't fail either.

[mirabilos]

Marc Wilson dixit:

Can't reproduce it here on macOS 10.14.6..

According to the reporter, they get a working ksh93 if they disable posix_spawn configure option so it may be a, very widespread, bug in GNU libc (Linux/kFreeBSD/Hurd-only, I presume).

[JohnoKing]

According to the reporter, they get a working ksh93 if they disable posix_spawn configure option so it may be a, very widespread, bug in GNU libc (Linux/kFreeBSD/Hurd-only, I presume).

I can confirm that disabling posix_spawn causes this bug to go away. OpenSUSE disables it in their build of ksh with a patch titled ksh-qemu.patch, which implies there is another bug related to posix_spawn that affects QEMU.

[McDutchie]

On macOS, the compiler flags used by the Apple version (which I've incorporated into src/cmd/INIT/cc.darwin) disable SHOPT_SPAWN. I can confirm that, if I change that flag to -DSHOPT_SPAWN=1 and recompile from scratch, I can reproduce this bug on the Mac.

I can also reproduce this bug on FreeBSD, on which SHOPT_SPAWN is not disabled by default.

Neither of these two systems use GNU libc, so it seems likely that this is a bug in ksh and not in any C library. Does anyone here have an idea how to fix it?

Alternatively, I wonder if there would be any disadvantage to simply removing the use of posix_spawn altogether.

[McDutchie]

Minimal reproducer for regression test:

printf '%s\n' 1 2 3 | while read line; do ls /dev/null; done

Normal output:

/dev/null
/dev/null
/dev/null

Bug output:

/dev/null
ls: ls: cannot execute [Exec format error]
ls: ls: cannot execute [Exec format error]

[McDutchie]

Well, I think the advantage of using posix_spawn(2) is made clear by the following:

$ arch/*/bin/ksh -c 'time for ((i=1; i<=10000; i++)); do /usr/bin/true; done'

real	0m22,02s
user	0m07,42s
sys	0m11,15s
$ ./ksh_SHOPT_SPAWN -c 'time for ((i=1; i<=10000; i++)); do /usr/bin/true; done'

real	0m13,66s
user	0m04,43s
sys	0m07,66s

So it would be really nice if someone could figure out how to fix ksh's use of posix_spawn.

[chrisbertin]

A few observations: If input is redirected, instead of piped, no errors. The invalid behavior is not 100% consistent. Running a failing command in a sub-shell works (which is the workaround I have been using). Using built-in commands work. sixt $ cat > /tmp/list 1 2 3 sixt $ while read f; do ls -ld /; done < /tmp/xx drwxr-xr-x 30 root root 4096 Jul 14 08:08 / drwxr-xr-x 30 root root 4096 Jul 14 08:08 / drwxr-xr-x 30 root root 4096 Jul 14 08:08 / sixt $ cat /tmp/list | while read f; do ls -ld /; done drwxr-xr-x 30 root root 4096 Jul 14 08:08 / /bin/ls: /bin/ls: cannot execute [Exec format error] /bin/ls: /bin/ls: cannot execute [Exec format error] sixt $ cat /tmp/list | while read f; do ls -ld /; done /bin/ls: /bin/ls: cannot execute [Exec format error] /bin/ls: /bin/ls: cannot execute [Exec format error] /bin/ls: /bin/ls: cannot execute [Exec format error] sixt $ ksh -c 'cat /tmp/xx | while read f; do ls -ld /; done' drwxr-xr-x 30 root root 4096 Jul 14 08:08 / drwxr-xr-x 30 root root 4096 Jul 14 08:08 / drwxr-xr-x 30 root root 4096 Jul 14 08:08 / sixt $ cat /tmp/list | while read f; do echo $f /; done 1 / 2 / 3 / sixt $ Chris (chris.bertin@gmail.com or chris.bertin@protonmail.com)

…

On Fri, Jul 17, 2020 at 2:24 PM Anuradha Weeraman ***@***.***> wrote: There has been a bug report of an exec format error when executing "cat TODO | while read line; do ls; done". Ref: - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965072 - https://bugs.launchpad.net/ubuntu/+source/ksh/+bug/1887863 I was able to reproduce this issue on 93u+m 2020-07-14 and it appears to be an issue at least since 93u+ 2012-08-01. $ cat TODO 1 2 $ cat TODO | while read line; do ls; done ls: ls: cannot execute [Exec format error] ls: ls: cannot execute [Exec format error] Tagging @chrisbertin <https://github.com/chrisbertin> and @mirabilos <https://github.com/mirabilos> - reporters of the issue. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#79>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AQKGJUJOFTOVXOBFI6ZRDYDR4C6RPANCNFSM4O65E6KA> .

[posguy99]

Is this 2020 bug relevant?

att#470
which leads to
att#468

and the original ast ML discussion:
https://www.mail-archive.com/ast-developers@research.att.com/msg00717.html

[McDutchie]

Thanks @posguy99, yes, that is very relevant indeed.

So that is another problem with using posix_spawn(2): it "doesn't have a way to set the terminal group before the exec()". That might be fine for many use cases, but clearly that's unacceptable behaviour for a shell!

The RATIONALE section of the POSIX spec for posix_spawn(2) also makes for interesting reading. Note that the spec title itself is marked "ADVANCED REALTIME", indicating that this is intended for real-time applications (which a shell very much is not, no matter how fast it is). Some quotes:

[…] although they may be an efficient replacement for many fork()/ exec pairs, their goal is to provide useful process creation primitives for systems that have difficulty with fork(), not to provide drop-in replacements for fork()/ exec.
[…] We can identify several problems with posix_spawn() and posix_spawnp(), but there does not appear to be a solution that introduces fewer problems. Environment modification for child process attributes not specifiable via the attrp or file_actions arguments must be done in the parent process, and since the parent generally wants to save its context, it is more costly than similar functionality with fork()/exec.
[…] The fork() function is a wonderfully powerful operation. We do not expect to duplicate its functionality in a simple, fast function with no special hardware requirements. It is worth noting that posix_spawn() and posix_spawnp() are very similar to the process creation operations on many operating systems that are not UNIX systems.

So, while running /usr/bin/true in a loop might be quite a bit faster, it looks clear that it's not worth the cost in bugs and undefined behaviour. And if you run a command that actually does something, that performance difference quickly approaches insignificance. So, this is another instance where the ksh2020 developers made the right call. We must get rid.

On the plus side, that makes fixing this bug quite simple.

[posguy99]

Pointing out, tho, that if you follow those 2020 bugs all the way through, they lead you back to the performance degradation that was an large part of the original ksh2020 kerfuffle.

[McDutchie]

Agreed. That's not going to happen though.

[JohnoKing]

If posix_spawn is removed it shouldn't be done by removing the SHOPT_SPAWN ifdef; OpenSUSE's patch should be instead. Results from performance testing on my Linux machine (ksh is compiled with CCFLAGS=-O2):

# Normal build with posix_spawn
$ ./ksh-posix-spawn -c 'time for ((i=1; i!=10000; i++)); do /usr/bin/true; done'

real    0m02.03s
user    0m01.73s
sys 0m00.36s

# posix_spawn removed with OpenSUSE's patch
$ ./ksh-no-posix-spawn -c 'time for ((i=1; i!=10000; i++)); do /usr/bin/true; done'

real    0m01.85s
user    0m01.60s
sys 0m00.28s

# SHOPT_SPAWN ifdef removed with unifdef(1)
$ ./ksh-no-shopt-spawn -c 'time for ((i=1; i!=10000; i++)); do /usr/bin/true; done'

real    0m03.15s
user    0m02.37s
sys 0m00.89s

Relevant strace output from ksh -c '/usr/bin/true; /usr/bin/true':

#  Normal build with posix_spawn
getpid()                                = 4296
mmap(NULL, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd12c55f000
rt_sigprocmask(SIG_BLOCK, ~[], [], 8)   = 0 
clone(child_stack=0x7fd12c567ff0, flags=CLONE_VM|CLONE_VFORK|SIGCHLD) = 4297
munmap(0x7fd12c55f000, 36864)           = 0 
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 rt_sigaction(SIGINT, {sa_handler=0x55f8f72bbfd0, sa_mask=[], sa_flags=SA_RESTORER|SA_INTERRUPT, sa_restorer=0x7fd12c39d3e0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0

# posix_spawn removed with OpenSUSE's patch
getpid()                                = 4115
rt_sigprocmask(SIG_BLOCK, [HUP INT QUIT PIPE CHLD], [], 8) = 0
vfork()                                 = 4116
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGINT, {sa_handler=0x56194d18b9f0, sa_mask=[], sa_flags=SA_RESTORER|SA_INTERRUPT, sa_restorer=0x7fb7625d73e0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0

# SHOPT_SPAWN ifdef removed with unifdef(1)
stat(".", {st_mode=S_IFDIR|0755, st_size=130, ...}) = 0
rt_sigaction(SIGCHLD, {sa_handler=0x55e765fe75a0, sa_mask=[], sa_flags=SA_RESTORER|SA_INTERRUPT, sa_restorer=0x7f9afb8523e0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f9afb814e50) = 12221
rt_sigaction(SIGINT, {sa_handler=0x55e765fd9a40, sa_mask=[], sa_flags=SA_RESTORER|SA_INTERRUPT, sa_restorer=0x7f9afb8523e0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0

The OpenSUSE patch causes vfork to be used instead of posix_spawn which appears to increase performance slightly while still fixing the exec format error. Removing SHOPT_SPAWN causes the OS implementation of fork to be used instead of vfork and posix_spawn, which is slower (on Linux fork uses clone, but that doesn't make up for the performance deficit).

[McDutchie]

@JohnoKing: Sounds good to me, but I am having trouble locating the OpenSUSE patch you are referring to. (Their patches are mostly undocumented and their bug tracker is closed to the public.) Could you do a PR that implements that fix?

The only reference to vfork I can find in their patchset is ksh93-disable-vfork.diff which has the ksh.changes entry "disable vfork, use fork instead".

[JohnoKing]

My first post in this thread linked to the patch; it seems you missed it. Here is the full link:
https://build.opensuse.org/package/view_file/shells/ksh/ksh-qemu.patch?expand=1

[hyenias]

Just to be safe and thorough when using vfork, have you all considered vfork's NOTES section and especially the content under Caveats?

[JohnoKing]

Some notes regarding ksh usage of vfork:

• The libast spawnveg function uses the shared memory of vfork to its advantage. There is an iffe feature test for detecting this part of vfork behavior:
  

  ksh/src/lib/libast/features/lib

  Lines 228 to 241 in 37a9c34

  	tst real_vfork note{ vfork child shares data with parent }end execute{
  	_BEGIN_EXTERNS_
  	extern int _exit _ARG_((int));
  	extern int vfork _ARG_((void));
  	_END_EXTERNS_
  	int code;
  	int
  	main()
  	{
  	code = 1;
  	if (!vfork())
  	code = 0;
  	_exit(code);
  	}

• The sigcritical function has a comment about vfork, which is related to the first caveat in the vfork man page.:
  

  ksh/src/lib/libast/misc/sigcrit.c

  Lines 167 to 173 in 37a9c34

  	/*
  	* a vfork() may have intervened so we
  	* allow apparent nesting mismatches
  	*/
  	if (--level <= 0)
  	{

• The multi-threading caveat in the vfork man page isn't relevant because ksh is a single-threaded program. There are multi-threaded ksh plugins, but those are incompatible with vmalloc, which ksh uses instead of standard malloc (see serious performance breakdown of ksh2020 in comparison to ksh93u+ att/ast#1449 (comment)).

[McDutchie]

Right, that all makes sense now, thanks for the explanations. So OpenSUSE's ksh-qemu.patch causes ksh to fall back to using vfork by removing the feature test for posix_spawn, so #if _lib_posix_spawn always yields false.

But it also removes another feature test (lib_poll_fd_2). The _lib_poll_fd_2 result is used just once, in sfhdr.h, to decide whether poll(2) can be used:

ksh/src/lib/libast/sfio/sfhdr.h

Lines 438 to 448 in 37a9c34

	/* functions for polling readiness of streams */
	#if _lib_select
	#undef _lib_poll
	#if _sys_select
	#include <sys/select.h>
	#endif
	#else
	#if _lib_poll_fd_1 || _lib_poll_fd_2
	#define _lib_poll 1
	#endif
	#endif /*_lib_select_*/

I don't understand how that is related to posix_spawn, so I'm thinking we should perhaps keep that test. Am I still missing something?

[JohnoKing]

The lib_poll_fd_2 feature test doesn't need to be removed to fix the posix_spawn related bugs. That change was likely made to fix something specific to QEMU.

[hyenias]

@JohnoKing: Thank you for your review of the vfork caveats. Would it be possible to introduce the vfork implementation so one could selectively compile using vfork, posix_spawn, or fork [something like SHOPT_SPAWN]? I think having the ability to alter the way ksh creates a child process may assist in confirming its use and/or troubleshooting in the future. It also might be helpful to have some feature flag identifying it.

[JohnoKing]

That is definitely doable. I imagine the ifdefs would look like this:

/* SHOPT_SPAWN is used for spawnveg, which can call
   posix_spawn, vfork or fork depending on compile 
   time options. As a result the posix_spawn ifdef is
   SHOPT_POSIX_SPAWN since SHOPT_SPAWN needs to
   be defined for any of this to have much effect. */
#if !defined(SHOPT_POSIX_SPAWN)
#undef _lib_posix_spawn
#endif
#if defined(SHOPT_VFORK) && defined(_lib_vfork)
#undef _lib_posix_spawn
#endif
#if defined(SHOPT_FORK) && defined(_lib_fork)
#undef _lib_vfork
#undef _real_vfork
#undef _lib_posix_spawn
#endif
/* On Linux syscall(2) can be used to get the real fork system call.
   By default fork is a wrapper that calls clone(2). */
#if defined(SHOPT_REAL_FORK) && defined(__linux__)
#undef _lib_vfork
#undef _real_vfork
#undef _lib_posix_spawn
#undef fork
#include <sys/syscall.h>
#define fork syscall(SYS_fork)
#endif

[McDutchie]

I'm not in favour of that. It is now clear that ksh's use of posix_spawn creates inherent race conditions. One such impossible-to-fix race condition was acknowledged by David Korn in 2011 (the "solution" he proposed in that message is no solution at all; we cannot expect people to recompile programs to work around ksh bugs). And another such race condition was reported right here as a bug. Sorry, but I'm against keeping code that is inherently broken.

[McDutchie]

Here are some new tests on my Mac laptop.

With ksh's racy use of posix_spawn:

$ ./ksh_POSIX_SPAWN
$ printf "%s\n" 1 2 3 | while read line; do ls /dev/null; done
/dev/null
ls: ls: cannot execute [Exec format error]
ls: ls: cannot execute [Exec format error]
$ time for ((i=1; i!=10000; i++)); do /usr/bin/true; done

real	0m13,84s
user	0m04,48s
sys	0m08,30s

With ksh's vfork fallback, after applying the patch based on OpenSUSE's:

$ ./ksh_VFORK
$ printf "%s\n" 1 2 3 | while read line; do ls /dev/null; done
/dev/null
/dev/null
/dev/null
$ time for ((i=1; i!=10000; i++)); do /usr/bin/true; done

real	0m13,97s
user	0m04,54s
sys	0m08,39s

…and, for reference, the classic fork/exec that ksh2020 reverted to:

$ ./ksh_FORK
$ printf "%s\n" 1 2 3 | while read line; do ls /dev/null; done
/dev/null
/dev/null
/dev/null
$ time for ((i=1; i!=10000; i++)); do /usr/bin/true; done

real	0m21,76s
user	0m07,23s
sys	0m11,65s

@JohnoKing's Linux tests and my own Mac tests (above) suggest that vfork performs just as well as posix_spawn (if there is any difference, it's lost in the margin of error), and it doesn't have these problems. So in terms of performance, this is not going to be a significant loss at all.

[hyenias]

My suggestion with providing possible compiling options to use one of the 3 methods was not based on performance but troubleshooting. So, if not in favor of having a posix_spawn option; would it still be possible to have a fork option? Or is that already done by using SHOPT_SPAWN?

[McDutchie]

@hyenias, yes – disabling SHOPT_SPAWN (by adding -DSHOPT_SPAWN=0 to the compiler option) will still revert to the classic fork/exec mechanism, just as it does now. The patch causes the AST spawnveg() function to use vfork, but disabling SHOPT_SPAWN causes spawnveg() to not be used at all.

That's what Apple has been doing all along for their /bin/ksh, which is how I know this. I found I had to remove -DSHOPT_SPAWN=0 as a default compiler option from cc.darwin in order for vfork to be used.

[chrisbertin]

vfork() is a pre-VM, or, at least pre-COW, semi-kludge and I thought it would have been retired by now... IMHO... Chris (chris.bertin@gmail.com or chris.bertin@protonmail.com)

…

On Sat, Jul 18, 2020 at 9:00 AM Martijn Dekker ***@***.***> wrote: @hyenias <https://github.com/hyenias>, yes – disabling SHOPT_SPAWN (by adding -DSHOPT_SPAWN=0 to the compiler option) will still revert to the classic fork/exec mechanism, just as it does now. The patch causes the AST spawnveg() function to use vfork, but disabling SHOPT_SPAWN causes spawnveg() to not be used at all. That's what Apple has been doing all along for their /bin/ksh, which is how I know this. I found I had to remove -DSHOPT_SPAWN=0 as a default compiler option from cc.darwin in order for vfork to be used. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#79 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AQKGJUO23JAMHYWJYJGFRIDR4HBJDANCNFSM4O65E6KA> .

[McDutchie]

Well, for ksh, it clearly works more correctly than posix_spawn() (as ksh uses that for purposes it was not intended for, which inherently creates race conditions) while being significantly faster than fork(). So, given available evidence, I believe we should keep that. If there are any bugs with using it, hopefully they'll show up in pre-release testing.

It's true that POSIX no longer specifies it. But if systems remove vfork() in future, then iffe should stop detecting it, causing ksh to fall back to fork().

[JohnoKing]

This is the uname output I get:

$ uname -vm
FreeBSD 12.1-RELEASE-p7 GENERIC  amd64

I have FreeBSD running on an old Compaq Presario CQ60-211DX (which runs a single core Intel Celeron) and in a virtual machine running under VirtualBox, with two CPU cores given to the vm (VirtualBox is running on a desktop with an AMD Ryzen 2600 overclocked to 4.05GHz on all six cores, SMT is enabled).

[McDutchie]

Update: After letting it run for a long time, I was able to reproduce the race condition on FreeBSD. It occurred in one out of 1413150 output lines.

[McDutchie]

@JohnoKing, first a question: I've sent you a test email, did you receive it? I think there may be a delivery problem.

Second, something occurred to me. The original bug report above is only reproducible on an interactive shell. So I decided to test for the testprocessgroup.c race condition on FreeBSD from a script. And I can't reproduce it. Can you confirm the race condition cannot be reproduced if the test loop is run from a script?

If so, that opens the door to a workaround: make both the posix_spawn and the vfork version of spawnveg(3) fall back to fork if the shell is interactive. This should be acceptable to the community; scripts are where speed really matters.

[JohnoKing]

@JohnoKing, first a question: I've sent you a test email, did you receive it? I think there may be a delivery problem.

I did receive the email. I also sent a reply.

Second, something occurred to me. The original bug report above is only reproducible on an interactive shell. So I decided to test for the testprocessgroup.c race condition on FreeBSD from a script. And I can't reproduce it. Can you confirm the race condition cannot be reproduced if the test loop is run from a script?

I can confirm that the race condition is not reproducible in scripts with either posix_spawn or vfork; it only occurs in interactive shells (tested on Linux and FreeBSD). This means we can keep using posix_spawn, but only in scripts.

[McDutchie]

More specifically, the culprit turns out to be job control (the m/-o monitor shell option). If you turn that off in an interactive shell, both of these bugs also vanish, in my tests at least.

Conversely, if you set -m in a script, then the bug originally reported here returns, but with a different symptom: instead of an exec format error, the script is suspended on each affected external command invocation, as if you press Ctrl+Z.

[McDutchie]

So, after this slightly desperate megathread, could the fix really be this trivial? Please test…

diff --git a/src/cmd/ksh93/sh/xec.c b/src/cmd/ksh93/sh/xec.c
index 4f99919..0991406 100644
--- a/src/cmd/ksh93/sh/xec.c
+++ b/src/cmd/ksh93/sh/xec.c
@@ -1587,7 +1587,7 @@ int sh_exec(register const Shnode_t *t, int flags)
 #else
 #if SHOPT_SPAWN
 #   ifdef _lib_fork
-                               if(com)
+                               if(com && !job.jobcontrol)
                                        parent = sh_ntfork(shp,t,com,&jobid,ntflag);
                                else
                                        parent = sh_fork(shp,type,&jobid);

[JohnoKing]

That patch is an effective fix for the race conditions, at least from my own testing.

[McDutchie]

I think it makes sense now. If job control is not active, the terminal process group ID never needs to be set; child processes simply inherit the terminal group from the parent.

However, with job control active, each child process spawned from the main shell environment (not subshells) needs to be in its own terminal process group, or you can't separate the jobs from each other. But you can't do this with posix_spawn. Hence this bug.

So it's clear that this posix_spawn usage is incompatible with job control and that is why this is so trivial to fix/avoid.

What I don't understand is why it doesn't fail consistently.

[aweeraman]

This is brilliant, @McDutchie @JohnoKing et al. Thanks for your persistence!

@chrisbertin and @mirabilos - this will be included in the next upload fairly shortly.

[McDutchie]

@aweeraman, hold off a little – this fix exposes a variant of #86 that only occurs with job control active. I'm working out a good way to fix it.

[posguy99]

macOS Monterey is apparently deprecating vfork() in favor of posix_spawn()?

textmate/textmate@ee585ca

https://bugs.openjdk.java.net/browse/JDK-8274293

https://www.reddit.com/r/emacs/comments/qp2sxf/anyone_with_macos_monterey_on_an_m1/

[McDutchie]

Thanks @posguy99, vfork() has been deprecated for a long time on some other systems, but it doesn't matter as ksh already uses posix_spawn() in preference to vfork(), so vfork() is only used as a fallback for old systems where posix_spawn() is not available.

[JohnoKing]

I'll note that there is currently a patch that adds a POSIX_SPAWN_TCSETPGROUP flag to glibc: https://patchwork.sourceware.org/project/glibc/patch/20211223173003.1037286-1-adhemerval.zanella@linaro.org

If that patch gets merged into glibc's upstream codebase then perhaps we could use that flag to safely avoid usage of fork() in interactive shells.

[zatrazz]

I'll note that there is currently a patch that adds a POSIX_SPAWN_TCSETPGROUP flag to glibc: https://patchwork.sourceware.org/project/glibc/patch/20211223173003.1037286-1-adhemerval.zanella@linaro.org

If that patch gets merged into glibc's upstream codebase then perhaps we could use that flag to safely avoid usage of fork() in interactive shells.

I just merge this patch [1] and it will be included on glibc 2.35.

[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=342cc934a3bf74ac618e2318d738f22ac93257ba