Where are local APIC addresses in QEMU?

2

According to Intel's documentation, FEE0 0000H to FEE0 03F0H is the range of the local APIC. However, examining it from the QEMU console, I can only find the value 0 there:

(qemu) x/128b 0xfee00000
fee00000: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00008: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00010: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00018: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00020: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00028: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00030: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00038: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00040: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00048: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00050: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00058: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00060: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00068: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00070: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
fee00078: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00

I checked 128 bytes to see if anything was different from 0. At least FEE0 0030H should contain a different value, since that is where the APIC version is.

Paging is disabled, so there's no virtual memory; just physical:

(qemu) info mem
PG disabled

But the info lapic command reports actual initial values:

(qemu) info lapic 
dumping local APIC state for CPU 0 

LVT0     0x00008700 active-hi level                             ExtINT (vec 0)
LVT1     0x00008400 active-hi level                             NMI   
LVTPC    0x00010000 active-hi edge  masked                      Fixed  (vec 0)
LVTERR   0x00010000 active-hi edge  masked                      Fixed  (vec 0)
LVTTHMR  0x00010000 active-hi edge  masked                      Fixed  (vec 0)
LVTT     0x00030010 active-hi edge  masked         periodic     Fixed  (vec 16)
Timer    DCR=0x2 (divide by 8) initial_count = 4096
SPIV     0x000001ff APIC enabled, focus=off, spurious vec 255
ICR  0x000c4610 physical edge assert all
ICR2     0x00000000
ESR  0x00000000
ISR  (none)
IRR  (none)

So, where are these values?

x86
qemu
asked on Stack Overflow Nov 3, 2016 by Amumu • edited Nov 3, 2016 by Amumu

2 Answers

2

The device is emulated. When a vCPU reads or writes to those addresses, they are handled by the emulated APIC. When GDB/the QEMU console does, it probably doesn't get routed through that emulator (emulated reads can change state). Likely, gdb/the QEMU console just gets routed to QEMU's representation of RAM, which doesn't include the APIC.

answered on Stack Overflow Nov 3, 2016 by ruthafjord • edited Nov 3, 2016 by ruthafjord
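As an added illustration (not part of either answer), the values from the question's `info lapic` dump decoded with the LVT bit layout from the Intel SDM, paired with the MMIO offset each register occupies inside the 0xFEE00000 page that the emulated device serves; the register offsets and bit positions are from the SDM, the raw values are the question's own:

```c
#include <stdint.h>
#include <stdio.h>
/* One decoded Local Vector Table entry (bit layout per Intel SDM Vol. 3A,
   "Local Vector Table"); the sample values below are taken from the question. */
struct lvt {
    uint8_t vector;          /* bits 0-7 */
    uint8_t delivery_mode;   /* bits 8-10: 0 Fixed, 2 SMI, 4 NMI, 5 INIT, 7 ExtINT */
    int     active_low;      /* bit 13, input pin polarity (0 = active high) */
    int     level_triggered; /* bit 15, trigger mode (0 = edge) */
    int     masked;          /* bit 16 */
    uint8_t timer_mode;      /* bits 17-18, LVTT only: 0 one-shot, 1 periodic, 2 TSC-deadline */
};

struct lvt decode_lvt(uint32_t raw)
{
    struct lvt e = { (uint8_t)(raw & 0xff), (uint8_t)((raw >> 8) & 7), (int)((raw >> 13) & 1),
                     (int)((raw >> 15) & 1), (int)((raw >> 16) & 1), (uint8_t)((raw >> 17) & 3) };
    return e;
}

const char *delivery_mode_name(uint8_t m)
{
    switch (m) {
    case 0: return "Fixed"; case 2: return "SMI";    case 4: return "NMI";
    case 5: return "INIT";  case 7: return "ExtINT"; default: return "reserved";
    }
}

/* Spurious-Interrupt Vector Register (offset 0xF0): bits 0-7 vector, bit 8 software enable. */
int     spiv_apic_enabled(uint32_t raw) { return (int)((raw >> 8) & 1); }
uint8_t spiv_vector(uint32_t raw)       { return (uint8_t)(raw & 0xff); }

int main(void)
{
    /* SDM register offsets inside the 0xFEE00000 page, with the raw `info lapic` values. */
    const struct { const char *name; uint32_t off, raw; } regs[] = {
        {"LVTT", 0x320, 0x00030010}, {"LVTTHMR", 0x330, 0x00010000},
        {"LVTPC", 0x340, 0x00010000}, {"LVT0", 0x350, 0x00008700},
        {"LVT1", 0x360, 0x00008400}, {"LVTERR", 0x370, 0x00010000},
    };
    for (size_t i = 0; i < sizeof regs / sizeof regs[0]; i++) {
        struct lvt e = decode_lvt(regs[i].raw);
        printf("%-8s @0xFEE0%04X %-8s %-5s %-8s vec %u\n", regs[i].name, (unsigned)regs[i].off,
               e.masked ? "masked" : "unmasked", e.level_triggered ? "level" : "edge",
               delivery_mode_name(e.delivery_mode), (unsigned)e.vector);
    }
    printf("SPIV     @0xFEE000F0 APIC %s, spurious vec %u\n",
           spiv_apic_enabled(0x1ff) ? "enabled" : "disabled", (unsigned)spiv_vector(0x1ff));
    return 0;
}
```

The decoded lines reproduce the dump (LVT0 level ExtINT, LVT1 level NMI, LVTT masked periodic vector 16), which is exactly the state a guest-side MMIO read at those offsets would see, while the monitor's `x` command only shows the RAM view.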
0

The default is FEE0 0000H to FEE0 03F0H but it occupies the full 4KiB page. The first 16 bytes are reserved for an MSI interrupt to the core with APIC ID 0 (which is necessary if it is placed within the MSI range). MSI interrupts for the other 255 cores rest on the start of page boundaries, 1 page each, up to and including FEEF F000H. The LAPIC can be adjusted on each logical core as each logical core has an IA32_APIC_BASE_MSR.

answered on Stack Overflow May 1, 2020 by Lewis Kelsey • edited May 1, 2020 by Lewis Kelsey

User contributions licensed under CC BY-SA 3.0