On 27/10/2024 02:07, Jiatong Shen wrote:
Hello Community Experts,
I found that to enable the HPET timer for x86 guests, the operator should set hw_time_hpet on the given image.
Image properties are primarily for end users to express the requirements of images they upload rather then for operators, but they can be set by operators too.
By default, HPET is disabled. My question is what are the pros and cons for using HPET?
Its off by default because there some security concerns with access to the HPET and the minimal performance overhead it introduces. support was added in https://github.com/openstack/nova/commit/9e884de68af9b83a92850e823cae152cfe8... The hpet is generally not required by almost any application but it does provided more precision but higher overhead. In general unless you need it you should leave it disabled. The security concern is just that if you provide a high precision time source to a guest it can help execute timing based attacks leveraging some of cpu vulnerability that leverage speculative execution. in practice this is not very practical to exploit so the hpet is generally considered safe.
Thanks.