The disclosed subject matter relates generally to system management interrupts and, more particularly, to controllably blocking selected system interrupts such as the System Management Interrupt in the AMD64 architecture.
Typical computer systems are generally comprised of a processor, memory and external devices. Ordinarily, the processor is busy executing instructions retrieved from memory that are associated with an operating system and one or more application programs, such as a word processor, a graphics program, a game, or the like. However, execution of these application programs may be temporarily suspended to handle more urgent matters. For example, in some computer systems, the external devices are configured to generate interrupt signals that are associated with a high priority concern, such as a hardware error, a low-voltage or power-loss situation, a high system temperature, or the like. These types of interrupts are generally known as system management interrupts (SMI). Owing to the urgency of this type of message, the processor promptly discontinues execution of the application program and begins to execute an interrupt handling routine that identifies a course of action to be taken by the processor in response to the particular type of interrupt.
Those skilled in the art will appreciate that if one or more of the external devices generates a significant number of SMIs, the operation of the processor may be substantially engaged in executing the numerous interrupt handling routines, rather than executing the application programs. Such a condition may appear to the user as a slow and unresponsive application program.
In some instances, one or more peripheral devices may fail or otherwise begin to operate in an undesirable fashion in which numerous SMIs are generated. In other instances, an attack, commonly known as an SMI storm, may occur in which the security of one or more peripheral devices may be compromised and put into a mode of operation in which a rapid sequence of SMIs is generated to intentionally slow or substantially freeze the operation of the processor with respect to the application programs.
Some computer systems allow a guest operating system (OS) in a virtualized system to have direct access to the peripheral devices. U.S. Pat. No. 7,849,287 describes one embodiment of a hardware system that would support such a direct access system. Thus, the initial attack may take the form of loading a rogue guest OS. In such a situation, software in the guest OS can mal-program the peripheral to generate an SMI storm and thereby mount a denial-of-service (DoS) attack against other guest operating systems. Attacks such as the SMI storm are highly undesirable, as they prevent the computer system from performing its main task of executing the application program.
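The per-source blocking that the disclosure is aimed at can be sketched as a rate limiter in front of the SMI handler. The following simulation is an added example, not the mechanism of the patent or of any AMD64 implementation; the window length, the storm threshold, the source numbering and the event trace are all assumed or constructed here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SOURCES 8
#define WINDOW_NS   1000000ULL /* 1 ms observation window (assumed value) */
#define MAX_PER_WIN 4          /* more than this per window is treated as a storm (assumed) */

struct smi_event { uint8_t source; uint64_t t_ns; }; /* hypothetical per-source SMI record */

struct source_state { uint64_t window_start; unsigned count_in_window; bool masked; };

struct limiter { struct source_state src[MAX_SOURCES]; unsigned delivered, blocked; };

/* Decide whether one SMI reaches the handler. A source that exceeds the threshold
 * is masked, so its later SMIs are dropped without costing handler time.
 * Timestamps are assumed to arrive in non-decreasing order. */
static bool limiter_admit(struct limiter *l, const struct smi_event *e)
{
    if (e->source >= MAX_SOURCES) { l->blocked++; return false; } /* unknown source: drop */
    struct source_state *s = &l->src[e->source];
    if (s->masked) { l->blocked++; return false; }
    if (e->t_ns - s->window_start >= WINDOW_NS) { /* start a new window for this source */
        s->window_start = e->t_ns;
        s->count_in_window = 0;
    }
    if (++s->count_in_window > MAX_PER_WIN) { s->masked = true; l->blocked++; return false; }
    l->delivered++;
    return true;
}

/* Constructed trace: source 1 behaves, source 2 fires a burst (a small SMI storm).
 * Returns the number of SMIs delivered; the limiter keeps the full totals. */
static unsigned run_constructed_trace(struct limiter *l)
{
    static const struct smi_event trace[] = {
        {1, 100000}, {2, 100100}, {2, 100200}, {2, 100300}, {2, 100400},
        {2, 100500}, {2, 100600}, {1, 1300000}, {2, 2500000},
    };
    *l = (struct limiter){0};
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        limiter_admit(l, &trace[i]);
    return l->delivered;
}

int main(void)
{
    struct limiter l;
    unsigned delivered = run_constructed_trace(&l);
    printf("delivered=%u blocked=%u source2_masked=%d\n", delivered, l.blocked, l.src[2].masked);
    return 0;
}
```

Once source 2 is masked, its SMIs stop consuming handler time while source 1 continues to be serviced, which is the separation between a storming device and the rest of the system that the disclosure is concerned with.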