1/*
2 * fork_process.c
3 * A simple wrapper on top of fork(). This does not handle the
4 * EXEC_BACKEND case; it might be extended to do so, but it would be
5 * considerably more complex.
6 *
7 * Copyright (c) 1996-2019, PostgreSQL Global Development Group
8 *
9 * IDENTIFICATION
10 * src/backend/postmaster/fork_process.c
11 */
12#include "postgres.h"
13#include "postmaster/fork_process.h"
14
15#include <fcntl.h>
16#include <time.h>
17#include <sys/stat.h>
18#include <sys/time.h>
19#include <unistd.h>
20#ifdef USE_OPENSSL
21#include <openssl/rand.h>
22#endif
23
24#ifndef WIN32
25/*
26 * Wrapper for fork(). Return values are the same as those for fork():
27 * -1 if the fork failed, 0 in the child process, and the PID of the
28 * child in the parent process.
29 */
30pid_t
31fork_process(void)
32{
33 pid_t result;
34 const char *oomfilename;
35
36#ifdef LINUX_PROFILE
37 struct itimerval prof_itimer;
38#endif
39
40 /*
41 * Flush stdio channels just before fork, to avoid double-output problems.
42 * Ideally we'd use fflush(NULL) here, but there are still a few non-ANSI
43 * stdio libraries out there (like SunOS 4.1.x) that coredump if we do.
44 * Presently stdout and stderr are the only stdio output channels used by
45 * the postmaster, so fflush'ing them should be sufficient.
46 */
47 fflush(stdout);
48 fflush(stderr);
49
50#ifdef LINUX_PROFILE
51
52 /*
53 * Linux's fork() resets the profiling timer in the child process. If we
54 * want to profile child processes then we need to save and restore the
55 * timer setting. This is a waste of time if not profiling, however, so
56 * only do it if commanded by specific -DLINUX_PROFILE switch.
57 */
58 getitimer(ITIMER_PROF, &prof_itimer);
59#endif
60
61 result = fork();
62 if (result == 0)
63 {
64 /* fork succeeded, in child */
65#ifdef LINUX_PROFILE
66 setitimer(ITIMER_PROF, &prof_itimer, NULL);
67#endif
68
69 /*
70 * By default, Linux tends to kill the postmaster in out-of-memory
71 * situations, because it blames the postmaster for the sum of child
72 * process sizes *including shared memory*. (This is unbelievably
73 * stupid, but the kernel hackers seem uninterested in improving it.)
74 * Therefore it's often a good idea to protect the postmaster by
75 * setting its OOM score adjustment negative (which has to be done in
76 * a root-owned startup script). Since the adjustment is inherited by
77 * child processes, this would ordinarily mean that all the
78 * postmaster's children are equally protected against OOM kill, which
79 * is not such a good idea. So we provide this code to allow the
80 * children to change their OOM score adjustments again. Both the
81 * file name to write to and the value to write are controlled by
82 * environment variables, which can be set by the same startup script
83 * that did the original adjustment.
84 */
85 oomfilename = getenv("PG_OOM_ADJUST_FILE");
86
87 if (oomfilename != NULL)
88 {
89 /*
90 * Use open() not stdio, to ensure we control the open flags. Some
91 * Linux security environments reject anything but O_WRONLY.
92 */
93 int fd = open(oomfilename, O_WRONLY, 0);
94
95 /* We ignore all errors */
96 if (fd >= 0)
97 {
98 const char *oomvalue = getenv("PG_OOM_ADJUST_VALUE");
99 int rc;
100
101 if (oomvalue == NULL) /* supply a useful default */
102 oomvalue = "0";
103
104 rc = write(fd, oomvalue, strlen(oomvalue));
105 (void) rc;
106 close(fd);
107 }
108 }
109
110 /*
111 * Make sure processes do not share OpenSSL randomness state.
112 */
113#ifdef USE_OPENSSL
114 RAND_cleanup();
115#endif
116 }
117
118 return result;
119}
120
121#endif /* ! WIN32 */
122