Processors such as Intel® Processors and others may be designed in general to allow data from memory to be cached by the processor. Additionally, accesses to data in memory may require one or more actions to be taken with regard to the contents of caching structures in the system processor or processors. These actions are referred to herein as snooping characteristics. Furthermore, certain processors may elect to allow dynamic reordering of memory accesses. The type of caching, if any (cacheability), used by the processor to access a location in memory, the snooping characteristics, and whether dynamic reordering of memory accesses is enabled for that location together determine certain behaviors of the memory location, such as whether the memory location correctly supports ordering operations or reads with side-effects. These attributes, and others that relate to memory behavior, are called a memory type and may be specified for a given memory location and access event using a variety of system flags and registers. Memory types may include, for example, “uncacheable”, “write combining”, “write through”, “write back”, and “write protect”. Memory type range registers (MTRRs), a page attribute table, page tables and other processor control register fields may determine, for each memory access, the relevant memory type for the linear or physical address being accessed. The communication protocols utilized by a processor may vary depending on the memory type of the memory location being accessed.
Any system software or program executing in a privileged mode may read and modify the memory types specified by these processor control registers, including the MTRRs, and thus change the memory types for ranges of system memory, using instructions such as RDMSR (read model specific register) and WRMSR (write model specific register) in relevant IA-32 architectures (IA-32 Intel Architecture Software Developer's Manual, vol. 3). This in turn may allow malware, or undesirable software such as worms, viruses, Trojans, etc., running in privileged mode to launch cache-based attacks on critical data or code segments of memory. For example, modifying the caching behavior for a range of memory locations from write-through to write-back can lead to unpredictable and possibly harmful system behavior, and can be exploited by malware to alter the code and data segments of a system or user process via a cache-based attack. Such modifications are unlikely to be detectable by any chipset-based memory protection method that merely monitors accesses to memory, because such monitoring cannot detect cache-based attacks in which the modifications are made entirely within the cache. Many other such memory-typing-related attacks are possible, ranging in their effect from merely impacting performance to unauthorized access to, or actual corruption of, code or data. While such attacks are theoretically preventable by means such as preventing all modification of MTRRs after system boot, or by forcing a cache flush each time a privileged process relinquishes a processor, such a solution may impose unacceptable limitations on flexibility or performance.
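As an added illustration from the defender's side (example code, not part of this document or of any Intel implementation), the following C decodes variable-range MTRR pairs using the IA32_MTRR_PHYSBASEn/PHYSMASKn layout from the SDM, resolves the effective memory type of a physical address, and compares a later MSR snapshot against a boot-time baseline so that the write-through to write-back change described above is reported rather than silently taking effect. The MAXPHYADDR value, the sample ranges and the function names are assumptions made for the example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Memory-type encodings in IA32_MTRR_PHYSBASEn bits 7:0 and IA32_MTRR_DEF_TYPE bits 7:0. */
enum mem_type { MT_UC = 0, MT_WC = 1, MT_WT = 4, MT_WP = 5, MT_WB = 6 };
#define MAXPHYADDR 36                   /* assumed address width; real code reads it from CPUID */
#define ADDR_BITS ((((uint64_t)1 << MAXPHYADDR) - 1) & ~(uint64_t)0xFFF)
#define MASK_VALID (1ULL << 11)         /* IA32_MTRR_PHYSMASKn bit 11: range enabled */

typedef struct { uint64_t physbase, physmask; } mtrr_var;

/* Effective memory type of paddr under the variable-range pairs, else the default type.
   Overlap rules: UC wins over everything, WT wins over WB; other overlaps are undefined. */
unsigned mtrr_effective_type(const mtrr_var *v, int n, unsigned def_type, uint64_t paddr) {
    unsigned type = def_type;
    int hit = 0, saw_wt = 0;
    for (int i = 0; i < n; i++) {
        if (!(v[i].physmask & MASK_VALID)) continue;             /* pair disabled */
        uint64_t mask = v[i].physmask & ADDR_BITS;
        if ((paddr & mask) != (v[i].physbase & mask)) continue;  /* paddr outside this range */
        unsigned t = (unsigned)(v[i].physbase & 0xFF);
        if (t == MT_UC) return MT_UC;
        if (t == MT_WT) saw_wt = 1;
        if (!hit) { type = t; hit = 1; }
    }
    return saw_wt ? MT_WT : type;
}

/* Compare a current MSR snapshot with the boot-time baseline and report every pair whose
   base, mask, valid bit or type differs. Returns the number of changed pairs. */
int mtrr_detect_changes(const mtrr_var *baseline, const mtrr_var *now, int n) {
    int changed = 0;
    for (int i = 0; i < n; i++) {
        if (baseline[i].physbase == now[i].physbase && baseline[i].physmask == now[i].physmask) continue;
        changed++;
        printf("MTRR pair %d changed: type %u -> %u, PHYSBASE %#" PRIx64 " -> %#" PRIx64 "\n", i,
               (unsigned)(baseline[i].physbase & 0xFF), (unsigned)(now[i].physbase & 0xFF),
               baseline[i].physbase, now[i].physbase);
    }
    return changed;
}

/* Constructed sample: 0-2 GiB write-back, 0xC0000000-0xD0000000 write-through (e.g. a frame buffer),
   and the same pairs after a privileged WRMSR flipped the second range from WT to WB. */
const mtrr_var boot_baseline[2] = { { 0x000000000 | MT_WB, 0xF80000000 | MASK_VALID },
                                    { 0x0C0000000 | MT_WT, 0xFF0000000 | MASK_VALID } };
const mtrr_var tampered[2]      = { { 0x000000000 | MT_WB, 0xF80000000 | MASK_VALID },
                                    { 0x0C0000000 | MT_WB, 0xFF0000000 | MASK_VALID } };
```

A monitor running in SMM or a kernel would populate the snapshot by reading the MSRs with RDMSR; the comparison itself is independent of how the values were obtained.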
Processors such as Intel Processors and others may support a system management (SM) mode (SMM). A processor operating in SMM provides a special-purpose, alternate operating environment that can be used to monitor and manage various system-wide functions, such as managing system resources for more efficient energy usage, controlling system hardware, or running specialized code outside the control of the normal operating environment such as the operating system.
When SMM is invoked, often through a system management interrupt (SMI), the processor switches to the separate operating environment and executes handler code to perform system management operations. Generally, code and data related to system management mode reside in a special chipset- or BIOS-protected area of memory, termed system management random access memory (SMRAM) in the IA-32 architecture, that is inaccessible to processes such as the operating system when the system is executing in a non-SM mode. When the SMI handler has completed its operations, the processor resumes executing the interrupted application or operating-system program or task.