System Management Mode (SMM) is a special operating mode that is implemented on certain types of central processing units (CPUs) (e.g., x86 CPUs) and is invoked by system firmware for handling low-level system management functions such as power management, system hardware control, and the like. A CPU enters SMM when a System Management Interrupt (SMI) is triggered. Upon entering SMM, the CPU is provided access/visibility to a special region of system memory, known as System Management RAM (SMRAM), where SMM code resides. The CPU executes SMM code from SMRAM while operating in SMM until it encounters a Resume from System Management Mode (RSM) instruction. Upon executing the RSM instruction, the CPU leaves SMM and returns to its normal operating mode (i.e., non-SMM mode).
Generally speaking, SMM code runs with full privileges on a computer system. Thus, for security reasons, the computer system needs to guarantee that SMRAM, which contains SMM code, is only accessible by the system's CPU(s) when those CPU(s) are actually operating in SMM. If the computer system is a multi-processor (MP) system, this can be challenging to enforce because each CPU of the system's multiple CPUs can enter/exit SMM independently and thus may or may not be operating in SMM at a given point in time.
In existing physical MP systems, the system hardware generally implements the foregoing guarantee by providing each physical CPU its own “local” view of system memory (i.e., RAM). In this per-CPU local view, SMRAM is mapped (and thus accessible/visible to the CPU) if the CPU is operating in SMM, and SMRAM is not mapped (and thus inaccessible/invisible to the CPU) if the CPU is not operating in SMM.
Similarly, in existing virtualized MP systems (i.e., virtual machines (VMs)), the virtualization platform generally implements the foregoing guarantee by providing each virtual CPU (vCPU) of the VM its own local view of guest RAM. In this per-vCPU local view, SMRAM is mapped (and thus accessible/visible to the vCPU) if the vCPU is operating in SMM, and SMRAM is not mapped (and thus inaccessible/invisible to the vCPU) if the vCPU is not operating in SMM.
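The per-vCPU local view described above, modeled in C as an added example (not code from the original page): all vCPUs share one guest RAM buffer, and each vCPU's address translation exposes the SMRAM range only while that vCPU is in SMM. The memory layout, the 0xFF value returned for unmapped reads, and all type and function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout for illustration; not taken from the page. */
#define GUEST_RAM_SIZE 0x1000u
#define SMRAM_BASE     0x0800u
#define SMRAM_SIZE     0x0200u
#define UNMAPPED_BYTE  0xFFu   /* assumed result of reading an unmapped range */

struct vm   { uint8_t ram[GUEST_RAM_SIZE]; };   /* one shared backing store */
struct vcpu { struct vm *vm; bool in_smm; };    /* per-vCPU view state */

static bool in_smram(uint32_t gpa) {
    return gpa >= SMRAM_BASE && gpa - SMRAM_BASE < SMRAM_SIZE;
}

/* Resolve a guest-physical address through this vCPU's local view.
 * Returns NULL when the address is out of range, or is SMRAM while the
 * vCPU is outside SMM (the range is not mapped in its view). */
static uint8_t *view_translate(struct vcpu *c, uint32_t gpa) {
    if (gpa >= GUEST_RAM_SIZE) return NULL;
    if (in_smram(gpa) && !c->in_smm) return NULL;
    return &c->vm->ram[gpa];
}

uint8_t vcpu_read8(struct vcpu *c, uint32_t gpa) {
    uint8_t *p = view_translate(c, gpa);
    return p ? *p : UNMAPPED_BYTE;
}

/* Returns false when the write is dropped because the target is unmapped. */
bool vcpu_write8(struct vcpu *c, uint32_t gpa, uint8_t v) {
    uint8_t *p = view_translate(c, gpa);
    if (!p) return false;
    *p = v;
    return true;
}

void vcpu_smi(struct vcpu *c) { c->in_smm = true;  }  /* SMI: enter SMM */
void vcpu_rsm(struct vcpu *c) { c->in_smm = false; }  /* RSM: leave SMM */

int main(void) {
    static struct vm vm;
    struct vcpu c0 = { &vm, false }, c1 = { &vm, false };
    vcpu_smi(&c0);                      /* only vCPU 0 enters SMM */
    vcpu_write8(&c0, SMRAM_BASE, 0x5A);
    printf("vcpu0 sees %02X, vcpu1 sees %02X\n", vcpu_read8(&c0, SMRAM_BASE), vcpu_read8(&c1, SMRAM_BASE));
    return 0;
}
```

The same guest-physical address resolves differently for the two vCPUs at the same instant, which is the per-CPU state the translation path has to carry.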
While the approach of providing different views of system memory to different CPUs/vCPUs in order to securely support SMM is functional, it undesirably complicates the hardware and/or software design of the computer system. Further, this approach cannot be efficiently adapted for use in certain contexts.