<div dir="ltr"><div class="gmail_quote"><div dir="ltr">On Thu, Oct 26, 2017 at 9:56 AM Yaniv Kaul <<a href="mailto:ykaul@redhat.com">ykaul@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I'm looking at some supervdsm log, and I'm seeing these commands:<div>/usr/bin/taskset --cpu-list 0-55 /usr/libexec/vdsm/fc-scan <br></div><div><br></div><div>and:</div><div>/usr/bin/taskset --cpu-list 0-55 /usr/bin/mount -t nfs -o soft,nosharecache,timeo=600,retrans=6 10.10.10.1:/NFS/images<br></div><div><br></div><div>And so on (also for iscsiadm).</div><div>Why do we need to taskset commands if we allow them to run on all CPUs? Why would we allow them to run on all CPUs anyway?</div></div></blockquote><div><br></div><div>Vdsm is running by default only on the second cpu. When we run external commands we</div><div>unpin the command by default so it can run on any cpu. supervdsm inherit the default</div><div>behavior by using vdsm.command.execCmd().</div><div><br></div><div>Since we do not pin supervdsm to any cpu, we can avoid the useless taskset</div><div>wrapper by using execCmd(reset_cpu_affinity=False) from supervdsm. But since</div><div>supervdsm code is mixed with vdsm code, it is hard to tell if a piece of</div><div>code is running in supervdsm or in vdsm and error prone.</div><div><br></div><div>If we have proper separation between code running in vdsm (vdsm user) and</div><div>code running in supervdsm (as root) this would be easy and much more</div><div>secure.</div><div><br></div><div>Nir</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
_______________________________________________<br>
Devel mailing list<br>
<a href="mailto:Devel@ovirt.org" target="_blank">Devel@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman/listinfo/devel</a></blockquote></div></div>