1. Field of the Invention
This invention relates to virtualization and the use of virtual machines in processors and computer systems and, more particularly, to virtualization of system management mode (SMM) code execution.
2. Description of the Related Art
Virtualization has been used in computer systems for a variety of different purposes. For example, virtualization may be used to execute privileged software in a “container” to prevent the privileged software from directly accessing and/or making changes to at least some of the physical machine state without first being permitted to do so by a virtual machine manager (VMM) that controls the virtual machine. Such a container may prevent “buggy” or malicious software from causing problems on the physical machine. Additionally, virtualization may be used to permit two or more privileged programs to execute on the same physical machine concurrently. The privileged programs may be prevented from interfering with each other since access to the physical machine is controlled. Privileged programs may include operating systems, and may also include other software which expects to have full control of the hardware on which the software is executing. In another example, virtualization may be used to execute a privileged program on hardware that differs from the hardware expected by the privileged program.
Generally, virtualization of a processor or computer system may include providing one or more privileged programs with access to a virtual machine (the container mentioned above) over which the privileged program has full control, but the control of the physical machine is retained by the VMM. The virtual machine may include a processor (or processors), memory, and various peripheral devices that the privileged program expects to find in the machine on which it is executing. Each privileged program (and related software in some cases, such as the applications that execute on an operating system) may be referred to herein as a guest. Virtualization may be implemented in software (e.g. the VMM mentioned above) without any specific hardware virtualization support in the physical machine on which the VMM and its virtual machines execute. However, virtualization may be simplified and/or achieve higher performance if some hardware support is provided.
The x86 instruction set architecture specifies a “system management mode” (SMM). SMM provides a transparent mechanism for power management, original equipment manufacturer (OEM) differentiation, response to external asynchronous events such as the closing of a laptop lid, temperature sensor triggering, etc., and some forms of peripheral device virtualization. SMM enables an address space (referred to as system management random access memory (SMRAM)) that is not visible, or useable, in other modes. The SMRAM stores the code that is executed in SMM, referred to as SMM code. Thus, the SMM code is not available for execution in other modes. In some cases, the SMM code may be provided by the guest. In other cases, the SMM code is associated with the specific computer system (“platform SMM code”). Platform SMM code is loaded by low level initialization software (e.g. basic input/output system (BIOS) software) before the operating system is loaded and before the VMM is loaded.
A processor implementing the x86 instruction set architecture enters SMM in response to a system management interrupt (SMI) signalled to the processor from an external source. In PC systems, for example, the source is typically the SouthBridge component. Some processors may also be configured to detect an SMI internally (e.g. by detecting execution of certain instructions, such as IN or OUT instructions to a particular input/output (I/O) port).
If virtualization is being implemented, SMM may be entered at any time (e.g. while a guest is executing, or while the host VMM or other host software is executing). Additionally, virtualization may be used as part of a secure operating system base. When security is being maintained, the system classifies code as either “trusted” or “not trusted”. Trusted code is typically precertified as trusted (not malicious, performing only the operation it is intended to perform), and may remain trusted as long as it remains unmodified (to protect against malicious programs such as viruses). Untrusted software may be executed in a virtual machine to protect machine state against undesirable modification by the software. In many cases, the SMM code is not trusted. A mechanism for handling SMM code when virtualization is being implemented is therefore desired.
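The two properties the background relies on, that SMRAM decodes to ordinary memory outside SMM and that an SMI is taken whatever is running, whether guest or host VMM, are shown in the following constructed toy model. It is an added illustration, not code from the patent; the memory size, the SMBASE value, the entry point at SMBASE and the trapped I/O port are all assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
/* Constructed toy model of SMM and SMRAM; all sizes, addresses and the trapped
 * I/O port are assumptions chosen for illustration, not a real platform. */
#define MEM_SIZE      0x10000u
#define SMBASE        0x3000u   /* where the SMRAM window is overlaid on memory */
#define SMRAM_SIZE    0x1000u
#define SMI_TRAP_PORT 0xB2u     /* an OUT to this port is turned into an SMI */
enum cpu_mode { MODE_HOST, MODE_GUEST, MODE_SMM };
struct cpu {
    enum cpu_mode mode, saved_mode;  /* saved_* capture state on SMI entry */
    uint32_t pc, saved_pc;
    uint8_t mem[MEM_SIZE];           /* ordinary address space */
    uint8_t smram[SMRAM_SIZE];       /* reachable only while in SMM */
};
/* Decode an access the way the chipset would: inside SMM the window maps to
 * SMRAM; in every other mode the same addresses decode to ordinary memory. */
static uint8_t *decode(struct cpu *c, uint32_t addr) {
    if (c->mode == MODE_SMM && addr >= SMBASE && addr < SMBASE + SMRAM_SIZE)
        return &c->smram[addr - SMBASE];
    return &c->mem[addr % MEM_SIZE];
}
uint8_t mem_read(struct cpu *c, uint32_t addr) { return *decode(c, addr); }
void mem_write(struct cpu *c, uint32_t addr, uint8_t v) { *decode(c, addr) = v; }
/* An SMI is taken whatever was running (guest or host VMM): the processor saves
 * its state and begins executing SMM code at the SMRAM entry point. */
void deliver_smi(struct cpu *c) {
    if (c->mode == MODE_SMM) return;   /* further SMIs are held off inside SMM */
    c->saved_mode = c->mode; c->saved_pc = c->pc;
    c->mode = MODE_SMM;      c->pc = SMBASE;
}
void rsm(struct cpu *c) { c->mode = c->saved_mode; c->pc = c->saved_pc; }
void port_out(struct cpu *c, uint16_t port) { if (port == SMI_TRAP_PORT) deliver_smi(c); }
/* SMM code stores a byte in SMRAM; after RSM the same address reads as ordinary
 * memory, so the byte is invisible outside SMM. Returns true if that holds. */
bool smram_is_hidden(void) {
    struct cpu c = {0}; c.mode = MODE_HOST; c.pc = 0x100;
    deliver_smi(&c); mem_write(&c, SMBASE + 0x10, 0x42); rsm(&c);
    return mem_read(&c, SMBASE + 0x10) == 0 && c.mode == MODE_HOST && c.pc == 0x100;
}
/* A guest's OUT to the trapped port preempts it with SMM code the VMM never
 * mediates; RSM then resumes the guest exactly where it left off. */
bool smi_preempts_guest(void) {
    struct cpu c = {0}; c.mode = MODE_GUEST; c.pc = 0x2000;
    port_out(&c, SMI_TRAP_PORT);
    bool entered = (c.mode == MODE_SMM && c.pc == SMBASE);
    rsm(&c);
    return entered && c.mode == MODE_GUEST && c.pc == 0x2000;
}
```

Because the VMM's container never sees the SMM entry, untrusted SMM code in this model runs with the same full machine access the VMM itself has, which is the gap the patent goes on to address.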