xemu-project · abaire · Nov 26, 2025 · Nov 27, 2025 · Dec 6, 2025 · Dec 14, 2025
diff --git a/hw/xbox/nv2a/nv2a.c b/hw/xbox/nv2a/nv2a.c
@@ -45,6 +45,13 @@ void nv2a_update_irq(NV2AState *d)
         d->pmc.pending_interrupts &= ~NV_PMC_INTR_0_PGRAPH;
     }
 
+    /* PTIMER */
+    if (d->ptimer.pending_interrupts & d->ptimer.enabled_interrupts) {
+        d->pmc.pending_interrupts |= NV_PMC_INTR_0_PTIMER;
+    } else {
+        d->pmc.pending_interrupts &= ~NV_PMC_INTR_0_PTIMER;
+    }
+
     if (d->pmc.pending_interrupts && d->pmc.enabled_interrupts) {
         trace_nv2a_irq(d->pmc.pending_interrupts);
         pci_irq_assert(PCI_DEVICE(d));
@@ -320,6 +327,7 @@ static void nv2a_reset(NV2AState *d)
     d->pmc.pending_interrupts = 0;
     d->pfifo.pending_interrupts = 0;
     d->ptimer.pending_interrupts = 0;
+    ptimer_reset(d);
     d->pcrtc.pending_interrupts = 0;
 
     for (int i = 0; i < 256; i++) {
@@ -444,7 +452,7 @@ const VMStateDescription vmstate_nv2a_pgraph_vertex_attributes = {
 
 static const VMStateDescription vmstate_nv2a = {
     .name = "nv2a",
-    .version_id = 3,
+    .version_id = 4,
     .minimum_version_id = 1,
     .post_save = nv2a_post_save,
     .post_load = nv2a_post_load,
@@ -564,6 +572,8 @@ static const VMStateDescription vmstate_nv2a = {
         VMSTATE_BOOL(pgraph.waiting_for_nop, NV2AState),
         VMSTATE_UNUSED(1),
         VMSTATE_BOOL(pgraph.waiting_for_context_switch, NV2AState),
+        VMSTATE_UINT32(ptimer.alarm_time_high, NV2AState),
+        VMSTATE_UINT64(ptimer.time_offset, NV2AState),
         VMSTATE_END_OF_LIST()
     },
 };
@@ -615,5 +625,6 @@ void nv2a_init(PCIBus *bus, int devfn, MemoryRegion *ram)
     NV2AState *d = NV2A_DEVICE(dev);
     nv2a_init_memory(d, ram);
     nv2a_init_vga(d);
+    ptimer_init(d);
     qemu_add_vm_change_state_handler(nv2a_vm_state_change, d);
 }
diff --git a/hw/xbox/nv2a/nv2a_int.h b/hw/xbox/nv2a/nv2a_int.h
@@ -115,6 +115,9 @@ typedef struct NV2AState {
         uint32_t numerator;
         uint32_t denominator;
         uint32_t alarm_time;
+        uint32_t alarm_time_high;
+        uint64_t time_offset;
+        QEMUTimer timer;
     } ptimer;
 
     struct {
@@ -220,4 +223,7 @@ void *nv_dma_map(NV2AState *d, hwaddr dma_obj_address, hwaddr *len);
 hwaddr nv_clip_gpu_tile_blit(NV2AState *d, hwaddr blit_base_address,
                              hwaddr len);
 
+void ptimer_init(NV2AState *d);
+void ptimer_reset(NV2AState *d);
+
 #endif
diff --git a/hw/xbox/nv2a/nv2a_regs.h b/hw/xbox/nv2a/nv2a_regs.h
@@ -63,6 +63,7 @@
 #define NV_PMC_INTR_0                                    0x00000100
 #   define NV_PMC_INTR_0_PFIFO                                 (1 << 8)
 #   define NV_PMC_INTR_0_PGRAPH                               (1 << 12)
+#   define NV_PMC_INTR_0_PTIMER                               (1 << 20)
 #   define NV_PMC_INTR_0_PCRTC                                (1 << 24)
 #   define NV_PMC_INTR_0_PBUS                                 (1 << 28)
 #   define NV_PMC_INTR_0_SOFTWARE                             (1 << 31)

diff --git a/hw/xbox/nv2a/ptimer.c b/hw/xbox/nv2a/ptimer.c
@@ -1,9 +1,10 @@
 /*
  * QEMU Geforce NV2A implementation
+ * PTIMER - time measurement and time-based alarms
  *
  * Copyright (c) 2012 espes
  * Copyright (c) 2015 Jannik Vogel
- * Copyright (c) 2018-2021 Matt Borgerson
+ * Copyright (c) 2018-2025 Matt Borgerson
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -21,14 +22,87 @@
 
 #include "nv2a_int.h"
 
-/* PTIMER - time measurement and time-based alarms */
-static uint64_t ptimer_get_clock(NV2AState *d)
+#define CLOCK_HIGH_MASK 0x1fffffff
+#define CLOCK_LOW_MASK 0x7ffffff
+#define ALARM_MASK 0xffffffe0
+
+static void ptimer_alarm_fired(void *opaque);
+
+void ptimer_reset(NV2AState *d)
+{
+    d->ptimer.alarm_time = 0;
+    d->ptimer.alarm_time_high = 0;
+    d->ptimer.time_offset = 0;
+    timer_del(&d->ptimer.timer);
+}
+
+void ptimer_init(NV2AState *d)
+{
+    timer_init_ns(&d->ptimer.timer, QEMU_CLOCK_VIRTUAL, ptimer_alarm_fired, d);
+    ptimer_reset(d);
+}
+
+static uint64_t ptimer_get_absolute_clock(NV2AState *d)
 {
     return muldiv64(muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
                              d->pramdac.core_clock_freq,
                              NANOSECONDS_PER_SECOND),
-                    d->ptimer.denominator,
-                    d->ptimer.numerator);
+                    d->ptimer.denominator, d->ptimer.numerator);
+}
+
+//! Returns the NV2A time adjusted by the last time register modification and
+//! shifted into range.
+static uint64_t get_ptimer_clock(NV2AState *d, uint64_t absolute_clock)
+{
+    return ((absolute_clock + d->ptimer.time_offset) << 5) &
+           0x1fffffffffffffffLL;
+}
+
+static uint64_t ptimer_ticks_to_ns(NV2AState *d, uint64_t ticks)
+{
+    uint64_t gpu_ticks =
+        muldiv64(ticks, d->ptimer.numerator, d->ptimer.denominator);
+    return muldiv64(gpu_ticks, NANOSECONDS_PER_SECOND,
+                    d->pramdac.core_clock_freq);
+}
+
+static void schedule_qemu_timer(NV2AState *d)
+{
+    if (!(d->ptimer.enabled_interrupts & NV_PTIMER_INTR_EN_0_ALARM)) {
+        return;
+    }
+
+    uint64_t now = get_ptimer_clock(d, ptimer_get_absolute_clock(d));
+    uint64_t alarm_time = (uint64_t)d->ptimer.alarm_time +
+                          ((uint64_t)d->ptimer.alarm_time_high << 32);
+
+    uint64_t diff_ns = 0;
+    if (alarm_time > now) {
+        diff_ns = ptimer_ticks_to_ns(d, (alarm_time - now) >> 5);
+    }
+    timer_mod(&d->ptimer.timer,
+              qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + diff_ns);
+}
+
+static void ptimer_alarm_fired(void *opaque)
+{
+    NV2AState *d = (NV2AState *)opaque;
+
+    if (!(d->ptimer.enabled_interrupts & NV_PTIMER_INTR_EN_0_ALARM)) {
+        return;
+    }
+
+    uint64_t now = get_ptimer_clock(d, ptimer_get_absolute_clock(d));
+    uint64_t alarm_time =
+        d->ptimer.alarm_time + ((uint64_t)d->ptimer.alarm_time_high << 32);
+
+    if (alarm_time <= now) {
+        d->ptimer.pending_interrupts |= NV_PTIMER_INTR_0_ALARM;
+        d->ptimer.alarm_time_high = now >> 32;
+        nv2a_update_irq(d);
+    }
+
+    schedule_qemu_timer(d);
 }
-    if (alarm_time <= now) {
-        d->ptimer.pending_interrupts |= NV_PTIMER_INTR_0_ALARM;
-        d->ptimer.alarm_time_high = now >> 32;
-        nv2a_update_irq(d);
-    }
-
-    schedule_qemu_timer(d);
-}
+    if (alarm_time <= now) {
+        d->ptimer.pending_interrupts |= NV_PTIMER_INTR_0_ALARM;
+        nv2a_update_irq(d);
+    } else {
+        /* Spurious wakeup, reschedule. */
+        schedule_qemu_timer(d);
+    }
-    if (alarm_time <= now) {
-        d->ptimer.pending_interrupts |= NV_PTIMER_INTR_0_ALARM;
-        d->ptimer.alarm_time_high = now >> 32;
-        nv2a_update_irq(d);
-    }
-
-    schedule_qemu_timer(d);
-}
+    if (alarm_time <= now) {
+        d->ptimer.pending_interrupts |= NV_PTIMER_INTR_0_ALARM;
+        nv2a_update_irq(d);
+    } else {
+        /* Spurious wakeup, reschedule. */
+        schedule_qemu_timer(d);
+    }
 
 uint64_t ptimer_read(void *opaque, hwaddr addr, unsigned int size)
@@ -49,11 +123,16 @@ uint64_t ptimer_read(void *opaque, hwaddr addr, unsigned int size)
     case NV_PTIMER_DENOMINATOR:
         r = d->ptimer.denominator;
         break;
-    case NV_PTIMER_TIME_0:
-        r = (ptimer_get_clock(d) & 0x7ffffff) << 5;
-        break;
-    case NV_PTIMER_TIME_1:
-        r = (ptimer_get_clock(d) >> 27) & 0x1fffffff;
+    case NV_PTIMER_TIME_0: {
+        uint64_t now = get_ptimer_clock(d, ptimer_get_absolute_clock(d));
+        r = now & 0xffffffff;
+    } break;
+    case NV_PTIMER_TIME_1: {
+        uint64_t now = get_ptimer_clock(d, ptimer_get_absolute_clock(d));
+        r = (now >> 32) & CLOCK_HIGH_MASK;
+    } break;
-    case NV_PTIMER_TIME_0: {
-        uint64_t now = get_ptimer_clock(d, ptimer_get_absolute_clock(d));
-        r = now & 0xffffffff;
-    } break;
-    case NV_PTIMER_TIME_1: {
-        uint64_t now = get_ptimer_clock(d, ptimer_get_absolute_clock(d));
-        r = (now >> 32) & CLOCK_HIGH_MASK;
-    } break;
+    case NV_PTIMER_TIME_0: {
+        uint64_t now = get_ptimer_clock(d, ptimer_get_absolute_clock(d));
+        d->ptimer.time_high_latched = (now >> 32) & CLOCK_HIGH_MASK;
+        r = now & 0xffffffff;
+    } break;
+    case NV_PTIMER_TIME_1: {
+        r = d->ptimer.time_high_latched;
+    } break;
-    case NV_PTIMER_TIME_0: {
-        uint64_t now = get_ptimer_clock(d, ptimer_get_absolute_clock(d));
-        r = now & 0xffffffff;
-    } break;
-    case NV_PTIMER_TIME_1: {
-        uint64_t now = get_ptimer_clock(d, ptimer_get_absolute_clock(d));
-        r = (now >> 32) & CLOCK_HIGH_MASK;
-    } break;
+    case NV_PTIMER_TIME_0: {
+        uint64_t now = get_ptimer_clock(d, ptimer_get_absolute_clock(d));
+        d->ptimer.time_high_latched = (now >> 32) & CLOCK_HIGH_MASK;
+        r = now & 0xffffffff;
+    } break;
+    case NV_PTIMER_TIME_1: {
+        r = d->ptimer.time_high_latched;
+    } break;
+    case NV_PTIMER_ALARM_0:
+        r = d->ptimer.alarm_time;
         break;
     default:
         break;
@@ -76,17 +155,47 @@ void ptimer_write(void *opaque, hwaddr addr, uint64_t val, unsigned int size)
         break;
     case NV_PTIMER_INTR_EN_0:
         d->ptimer.enabled_interrupts = val;
+        if (val) {
+            schedule_qemu_timer(d);
+        } else {
+            timer_del(&d->ptimer.timer);
+        }
         nv2a_update_irq(d);
         break;
     case NV_PTIMER_DENOMINATOR:
         d->ptimer.denominator = val;
+        schedule_qemu_timer(d);
         break;
     case NV_PTIMER_NUMERATOR:
         d->ptimer.numerator = val;
+        schedule_qemu_timer(d);
         break;
-    case NV_PTIMER_ALARM_0:
-        d->ptimer.alarm_time = val;
-        break;
+    case NV_PTIMER_ALARM_0: {
+        uint64_t now = get_ptimer_clock(d, ptimer_get_absolute_clock(d));
+
+        d->ptimer.alarm_time = val & ALARM_MASK;
+        d->ptimer.alarm_time_high = (now >> 32);
+        if (val <= (now & ALARM_MASK)) {
+            ++d->ptimer.alarm_time_high;
+        }
+        schedule_qemu_timer(d);
+    } break;
+    case NV_PTIMER_TIME_0: {
+        uint64_t absolute_clock = ptimer_get_absolute_clock(d);
+        uint64_t now = get_ptimer_clock(d, absolute_clock);
+        uint64_t target_relative =
+            (now & 0xffffffff00000000LL) | (((val >> 5) & CLOCK_LOW_MASK) << 5);
+        d->ptimer.time_offset = target_relative - absolute_clock;
+        schedule_qemu_timer(d);
+    } break;
+    case NV_PTIMER_TIME_1: {
+        uint64_t absolute_clock = ptimer_get_absolute_clock(d);
+        uint64_t now = get_ptimer_clock(d, absolute_clock);
+        uint64_t target_relative =
+            (now & 0xffffffff) | ((val & CLOCK_HIGH_MASK) << 32);
+        d->ptimer.time_offset = target_relative - absolute_clock;
+        schedule_qemu_timer(d);
+    } break;
     default:
         break;
     }