Linux implements fork() through the clone() system call. This system call uses a series of parameter flags to indicate the resources that the parent and child processes need to share. The fork(), vfork() and __clone() library functions all use clone() according to their required parameter flags, and then clone() calls do_fork().
do_fork() does most of the work in the creation, and its definition is in the kernel/fork.c file. This function calls the copy_process() function and then lets the process start running. The work done by the copy_process() function is as follows:
(1) Call dup_task_struct() to create a kernel stack, thread_info structure and task_struct for the new process, and these values are the same as those of the current process. At this point, the descriptors of the child process and the parent process are exactly the same.
(2) Check and ensure that after the new child process is created, the number of processes owned by the current user does not exceed the limit of the resources allocated to it.
(3) The child process sets out to differentiate itself from the parent process. Many members of the process descriptor must be cleared or set to initial values. Those are not inherited process descriptor members, mainly statistics. Most of the data in task_struct is still modified.
(4) The status of the child process is set to TASK_UNINTERRUPTIBLE to ensure that he will not be put into operation.
(5) Call copy_flags() to update the flags member of task_struct. The PF_SUPERPRIV flag indicating whether the process has superuser privileges is cleared to 0. The PF_FORKNOEXEC flag indicating that the process has not called the exec() function is set.
(6) Call alloc_pid() to assign a valid PID to the new process.
(7) According to the parameter flag passed to clone(), copy_process() copies or shares open files, file system information, signal processing functions, process address space and namespace, etc. In general, these resources are shared by all threads of a given process; otherwise, these resources are different for each process and are therefore copied here.
(8) Finally, copy_process() does the finishing work and returns a pointer to the child process.
Going back to the do_fork() function, if the copy_process() function returns successfully, the newly created child process is awakened and put into operation. The kernel intentionally chooses the child process to execute first. Because half of the child processes will call the exec() function right away, this avoids the extra overhead of copy-on-write, and if the parent process executes first, it may start writing to the address space.
Please correct me if there is any mistake