Hello,
We are observing a recurring virtual‑timer IRQ loop during Realm guest bring‑up under TF‑RMM with RME enabled. The problem seems to be an ordering issue around restoring Realm timer state at EL2 and subsequently evaluating pending timer conditions.
When a virtual-timer interrupt is taken to EL2-R, the timer registers (CNTV_CTL=0x5 and CNTV_CVAL) are saved, and the IRQ is then reported to the host OS. When EL2 restores CNTV_CTL and CNTV_CVAL on return from the host, the write sequence is not synchronized before EL2 performs the timer‑pending check in the function check_pending_timers(). Because CNTVCT continues to advance, and CNTV_CVAL < CNTVCT is already true at restore time, the read of CNTV_CTL can reflect a stale value (0x1). As a result, EL2 does not set CNTHCTL_EL2.CNTVMASK, fails to clear the pending virtual‑timer interrupt, and the IRQ is re‑asserted immediately upon Realm re‑entry—causing the repeated exit/entry loop.
Inserting an isb() after restoring the Realm’s timer registers and before performing the timer‑pending check helped resolve the issue.
I’d appreciate any feedback.
Thanks
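Added example, not part of the original message and not TF-RMM code: a small host-runnable C model of the ordering problem reported above, in which the pending check reads CNTV_CTL before the restored timer state is synchronized. The struct, the function names and the rule that writes reach the timer logic only at the modelled isb are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define CTL_ENABLE  (1UL << 0)
#define CTL_IMASK   (1UL << 1)
#define CTL_ISTATUS (1UL << 2)   /* read-only status: timer condition met */
#define CNTVMASK    (1UL << 18)  /* CNTHCTL_EL2.CNTVMASK */

/* Toy model (assumption): a register write reaches the timer logic only at isb. */
struct timer_model {
	uint64_t cntvct;           /* current virtual count */
	uint64_t ctl_hw, cval_hw;  /* state the timer logic evaluates */
	uint64_t ctl_wr, cval_wr;  /* written, not yet synchronized */
};

static void write_cval(struct timer_model *t, uint64_t v) { t->cval_wr = v; }
static void write_ctl(struct timer_model *t, uint64_t v)
{
	t->ctl_wr = v & (CTL_ENABLE | CTL_IMASK);  /* ISTATUS is not writable */
}
static void model_isb(struct timer_model *t)
{
	t->ctl_hw = t->ctl_wr;
	t->cval_hw = t->cval_wr;
}

static uint64_t read_ctl(const struct timer_model *t)
{
	/* Written control bits read back; ISTATUS reflects synchronized state only. */
	uint64_t v = t->ctl_wr;
	if ((t->ctl_hw & CTL_ENABLE) && t->cntvct >= t->cval_hw)
		v |= CTL_ISTATUS;
	return v;
}

/* Restore saved Realm timer state, then decide CNTVMASK as the post describes. */
uint64_t restore_and_check(uint64_t saved_ctl, uint64_t saved_cval,
			   uint64_t now, bool with_isb, uint64_t *ctl_seen)
{
	struct timer_model t = { .cntvct = now };  /* timer starts disabled */
	write_cval(&t, saved_cval);
	write_ctl(&t, saved_ctl);
	if (with_isb)
		model_isb(&t);
	*ctl_seen = read_ctl(&t);
	bool asserted = (*ctl_seen & CTL_ENABLE) && !(*ctl_seen & CTL_IMASK) &&
			(*ctl_seen & CTL_ISTATUS);
	return asserted ? CNTVMASK : 0;  /* bit the EL2 check would set */
}
```

With saved CNTV_CTL=0x5 and a compare value already in the past, the unsynchronized path observes 0x1 and leaves CNTVMASK clear, while the synchronized path observes 0x5 and sets it.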
Hi Manoj,
Thanks for reporting. Sounds like a valid issue. I have pushed a patch with the fix here: https://review.trustedfirmware.org/c/TF-RMM/tf-rmm/+/48349
Is that the fix you had in mind?
Best Regards
Soby Mathew
From: Manoj Ekbote via tf-rmm <tf-rmm@lists.trustedfirmware.org>
Sent: Wednesday, February 18, 2026 5:18 AM
To: tf-rmm@lists.trustedfirmware.org; santosh sood <santsood@qti.qualcomm.com>
Subject: [tf-rmm] Realm guest stuck in IRQ loop
Hi Soby,
The patch looks good. It also handles the case when switching to the Normal world.
Thanks, Manoj
From: Soby Mathew <Soby.Mathew@arm.com>
Sent: Tuesday, February 17, 2026 10:23 PM
To: Manoj Ekbote <mekbote@qti.qualcomm.com>; tf-rmm@lists.trustedfirmware.org; santosh sood <santsood@qti.qualcomm.com>
Cc: nd <nd@arm.com>
Subject: RE: Realm guest stuck in IRQ loop
Thanks for confirming. The patch is merged now.
Best Regards
Soby Mathew
From: Manoj Ekbote <mekbote@qti.qualcomm.com>
Sent: Wednesday, February 18, 2026 4:31 PM
To: Soby Mathew <Soby.Mathew@arm.com>; tf-rmm@lists.trustedfirmware.org; santosh sood <santsood@qti.qualcomm.com>
Cc: nd <nd@arm.com>
Subject: RE: Realm guest stuck in IRQ loop