0xF000_0000
–0xFFFF_FFFF
Firmware / BIOS~256 MiB reserved
Firmware / BIOS region — top of 32-bit address space. On x86-64 this holds the BIOS ROM, ACPI tables, SMBIOS structures, MP tables, and the start trampoline. The payload can be the krunfw-embedded BIOS or an external UEFI firmware. Guest CPUs reset with CS:IP pointing into this region.
0xFEC0_0000
–0xFEFF_FFFF
MMIO Device Spacevirtio MMIO bars
MMIO device space — each virtio device is assigned a 4 KiB (or larger) window here. The MMIO bus maps
Bus::insert(transport, base, len) bus.rs:114 entries into a BTreeMap. Guest MMIO reads/writes to these addresses trigger KVM_EXIT_MMIO exits.
0xC000_0000
–0xFEBF_FFFF
PCI hole / gapnot RAM
PCI memory hole — the region between 3 GiB and the start of the MMIO window is left unmapped for PCI BARs and future device expansion. If the guest has more than 3 GiB of RAM, the remainder is placed in the high-RAM region above 4 GiB.
dynamic
Shared Memory (GPU / FS)SHM manager
Shared memory regions — the SHM manager
shm.rs:19 allocates memfd-backed regions that are mapped into both host and guest address spaces. Used by: GPU device (virgl resource buffers, frame data), FS device (9P protocol buffers). Each region is registered with the hypervisor as an additional user memory region.
0x1_0000_0000
– mem_size
High RAM (> 4 GiB)if mem_size > 3 GiB
High memory — if the VM is configured with more than 3 GiB of RAM, the remainder lives above the 4 GiB boundary. This avoids the 32-bit PCI hole. The E820 map (boot_params) advertises both low and high memory ranges to the guest kernel.
near top of
low RAM
Initrd imageread_initrd_image()
Initrd / initial ramdisk — loaded just below the top of low RAM. Its guest physical address and size are written into the kernel boot parameters (zero page) so the kernel can mount it as the initial root filesystem. The krunfw bundle includes a minimal initrd.
0x0100_0000
(1 MiB)
Kernel imagekernel loader writes here
Kernel load address — on x86-64 the kernel is loaded at 1 MiB (default bzImage load address). The kernel loader copies the compressed image, sets up the boot params (zero page at 0x7000), and the vCPU entry point is set to the kernel's 64-bit entry point.
0x0001_0000
–0x000F_FFFF
Low RAMboot params, GDT, zero page
Low RAM — the first megabyte holds x86-specific boot structures: GDT, IDT, initial page tables, the boot_params (zero page) at 0x7000, and the kernel command line string. This region is mapped as regular RAM but written by the VMM before vCPU threads start.
0x0000_0000
–0x0000_FFFF
Reserved (zeroed)IVT / BIOS data area
Reserved low memory — the first 64 KiB is zeroed and not used by the VMM. It covers the legacy real-mode IVT and BIOS data area. The Linux kernel skips this region when scanning the E820 map.