Typical computer systems are generally comprised of a processor, memory, and external devices. Ordinarily, the central processing unit (CPU) is busy executing instructions retrieved from memory that are associated with an operating system and one or more application programs, such as a word processor, a graphics program, a game, or the like. However, execution of these application programs may be temporarily suspended to handle more urgent matters. For example, in some computer systems, the external devices are configured to generate interrupt signals that are associated with a high priority concern, such as a hardware error, a low-voltage or power-loss situation, a high system temperature, or the like. These types of interrupts are generally known as System Management Interrupts (SMIs), and are generally executed in System Management Mode (SMM), wherein execution of all normal processes is suspended in favor of the execution of an SMI in a protected environment. Owing to the urgency of this type of message, the processor temporarily halts execution of the application program while executing an SMI handling routine that identifies a course of action to be taken by the processor in response to the particular type of interrupt.
Those skilled in the art will appreciate that if one or more of the external devices generates a significant number of SMIs, the operation of the processor may be substantially engaged in executing the numerous interrupt handling routines, rather than executing the application programs. Such a condition may appear to the user as a slow and unresponsive application program.
In some instances, one or more peripheral devices may fail or otherwise begin to operate in an undesirable fashion in which numerous SMIs are generated. In other instances, an attack, commonly known as an SMI storm, may occur in which the security of one or more peripheral devices may be compromised and put into a mode of operation in which a rapid sequence of SMI interrupts are generated to intentionally slow or substantially freeze the operation of the processor with respect to the application programs.
Some computer systems allow a guest operating system (OS) in a virtualized system to have direct access to virtual peripheral devices. Thus, an initial attack may take the form of loading a rogue guest OS. In such a situation, software in the guest OS can mal-program the peripheral to generate an SMI storm and thereby mount a denial of service (DoS) attack against other guest operating systems. Attacks such as an SMI storm are highly undesirable, as they prevent the computer system from performing its main task of executing the application program.