diff --git a/third_party/nix/src/libstore/build.cc b/third_party/nix/src/libstore/build.cc index da35388d8..74db67e86 100644 --- a/third_party/nix/src/libstore/build.cc +++ b/third_party/nix/src/libstore/build.cc @@ -2342,8 +2342,6 @@ void DerivationGoal::startBuilder() { userNamespaceSync.create(); - options.allowVfork = false; - Pid helper = startProcess( [&]() { /* Drop additional groups here because we can't do it @@ -2443,7 +2441,6 @@ void DerivationGoal::startBuilder() { #endif { fallback: - options.allowVfork = !buildUser && !drv->isBuiltin(); pid = startProcess([&]() { runChild(); }, options); } diff --git a/third_party/nix/src/libutil/util.cc b/third_party/nix/src/libutil/util.cc index bb6a17e03..b97624e58 100644 --- a/third_party/nix/src/libutil/util.cc +++ b/third_party/nix/src/libutil/util.cc @@ -859,7 +859,6 @@ void killUser(uid_t uid) { fork a process, switch to uid, and send a mass kill. */ ProcessOptions options; - options.allowVfork = false; Pid pid = startProcess( [&]() { @@ -897,16 +896,19 @@ void killUser(uid_t uid) { ////////////////////////////////////////////////////////////////////// -/* Wrapper around vfork to prevent the child process from clobbering - the caller's stack frame in the parent. */ -static pid_t doFork(bool allowVfork, const std::function& fun) - __attribute__((noinline)); -static pid_t doFork(bool allowVfork, const std::function& fun) { +/* + * Please note that it is not legal for this function to call vfork(). If the + * process created by vfork() returns from the function in which vfork() was + * called, or calls any other function before successfully calling _exit() or + * one of the exec*() family of functions, the behavior is undefined. + */ +static pid_t doFork(const std::function& fun) __attribute__((noinline)); +static pid_t doFork(const std::function& fun) { #ifdef __linux__ - pid_t pid = allowVfork ? vfork() : fork(); -#else - pid_t pid = fork(); + // TODO(kanepyork): call clone() instead for faster forking #endif + + pid_t pid = fork(); if (pid != 0) { return pid; } @@ -938,7 +940,7 @@ pid_t startProcess(std::function fun, const ProcessOptions& options) { } }; - pid_t pid = doFork(options.allowVfork, wrapper); + pid_t pid = doFork(wrapper); if (pid == -1) { throw SysError("unable to fork"); } @@ -1012,12 +1014,6 @@ void runProgram2(const RunOptions& options) { } ProcessOptions processOptions; - // vfork implies that the environment of the main process and the fork will - // be shared (technically this is undefined, but in practice that's the - // case), so we can't use it if we alter the environment - if (options.environment) { - processOptions.allowVfork = false; - } /* Fork. */ Pid pid = startProcess( diff --git a/third_party/nix/src/libutil/util.hh b/third_party/nix/src/libutil/util.hh index ede83164d..0fa15f745 100644 --- a/third_party/nix/src/libutil/util.hh +++ b/third_party/nix/src/libutil/util.hh @@ -232,7 +232,6 @@ struct ProcessOptions { std::string errorPrefix = "error: "; bool dieWithParent = true; bool runExitHandlers = false; - bool allowVfork = true; }; pid_t startProcess(std::function fun, diff --git a/third_party/nix/src/nix-daemon/nix-daemon.cc b/third_party/nix/src/nix-daemon/nix-daemon.cc index 1f49788ae..2570179d4 100644 --- a/third_party/nix/src/nix-daemon/nix-daemon.cc +++ b/third_party/nix/src/nix-daemon/nix-daemon.cc @@ -1051,7 +1051,6 @@ static void daemonLoop(char** argv) { options.errorPrefix = "unexpected Nix daemon error: "; options.dieWithParent = false; options.runExitHandlers = true; - options.allowVfork = false; startProcess( [&]() { fdSocket = -1;