1 /*
2  * fork_process.c
3  *	 A simple wrapper on top of fork(). This does not handle the
4  *	 EXEC_BACKEND case; it might be extended to do so, but it would be
5  *	 considerably more complex.
6  *
7  * Copyright (c) 1996-2018, PostgreSQL Global Development Group
8  *
9  * IDENTIFICATION
10  *	  src/backend/postmaster/fork_process.c
11  */
12 #include "postgres.h"
13 #include "postmaster/fork_process.h"
14 
15 #include <fcntl.h>
16 #include <time.h>
17 #include <sys/stat.h>
18 #include <sys/time.h>
19 #include <unistd.h>
20 #ifdef USE_OPENSSL
21 #include <openssl/rand.h>
22 #endif
23 
24 #ifndef WIN32
25 /*
26  * Wrapper for fork(). Return values are the same as those for fork():
27  * -1 if the fork failed, 0 in the child process, and the PID of the
28  * child in the parent process.
29  */
30 pid_t
31 fork_process(void)
32 {
33 	pid_t		result;
34 	const char *oomfilename;
35 
36 #ifdef LINUX_PROFILE
37 	struct itimerval prof_itimer;
38 #endif
39 
40 	/*
41 	 * Flush stdio channels just before fork, to avoid double-output problems.
42 	 * Ideally we'd use fflush(NULL) here, but there are still a few non-ANSI
43 	 * stdio libraries out there (like SunOS 4.1.x) that coredump if we do.
44 	 * Presently stdout and stderr are the only stdio output channels used by
45 	 * the postmaster, so fflush'ing them should be sufficient.
46 	 */
47 	fflush(stdout);
48 	fflush(stderr);
49 
50 #ifdef LINUX_PROFILE
51 
52 	/*
53 	 * Linux's fork() resets the profiling timer in the child process. If we
54 	 * want to profile child processes then we need to save and restore the
55 	 * timer setting.  This is a waste of time if not profiling, however, so
56 	 * only do it if commanded by specific -DLINUX_PROFILE switch.
57 	 */
58 	getitimer(ITIMER_PROF, &prof_itimer);
59 #endif
60 
61 	result = fork();
62 	if (result == 0)
63 	{
64 		/* fork succeeded, in child */
65 #ifdef LINUX_PROFILE
66 		setitimer(ITIMER_PROF, &prof_itimer, NULL);
67 #endif
68 
69 		/*
70 		 * By default, Linux tends to kill the postmaster in out-of-memory
71 		 * situations, because it blames the postmaster for the sum of child
72 		 * process sizes *including shared memory*.  (This is unbelievably
73 		 * stupid, but the kernel hackers seem uninterested in improving it.)
74 		 * Therefore it's often a good idea to protect the postmaster by
75 		 * setting its OOM score adjustment negative (which has to be done in
76 		 * a root-owned startup script).  Since the adjustment is inherited by
77 		 * child processes, this would ordinarily mean that all the
78 		 * postmaster's children are equally protected against OOM kill, which
79 		 * is not such a good idea.  So we provide this code to allow the
80 		 * children to change their OOM score adjustments again.  Both the
81 		 * file name to write to and the value to write are controlled by
82 		 * environment variables, which can be set by the same startup script
83 		 * that did the original adjustment.
84 		 */
85 		oomfilename = getenv("PG_OOM_ADJUST_FILE");
86 
87 		if (oomfilename != NULL)
88 		{
89 			/*
90 			 * Use open() not stdio, to ensure we control the open flags. Some
91 			 * Linux security environments reject anything but O_WRONLY.
92 			 */
93 			int			fd = open(oomfilename, O_WRONLY, 0);
94 
95 			/* We ignore all errors */
96 			if (fd >= 0)
97 			{
98 				const char *oomvalue = getenv("PG_OOM_ADJUST_VALUE");
99 				int			rc;
100 
101 				if (oomvalue == NULL)	/* supply a useful default */
102 					oomvalue = "0";
103 
104 				rc = write(fd, oomvalue, strlen(oomvalue));
105 				(void) rc;
106 				close(fd);
107 			}
108 		}
109 
110 		/*
111 		 * Make sure processes do not share OpenSSL randomness state.
112 		 */
113 #ifdef USE_OPENSSL
114 		RAND_cleanup();
115 #endif
116 	}
117 
118 	return result;
119 }
120 
121 #endif							/* ! WIN32 */
122