SMM handling in VT-x

I'm writing security-related software using VT-x technology. My VMM is installed as the host, and Windows NT (32-bit) runs in guest mode. Everything works fine, but the PC doesn't wake after stand-by. I think this is because proper handling of system-management mode (SMM) is missing in the VMM. I tried to catch SMI interrupt exits in the VMM but got nothing:

void VirtualCpu::OnVmExit(CPU_STATE *cpuState)
{
    ULONG_PTR exitReason = __vmread(VM_EXIT_REASON); // basic exit reason read from the current VMCS
    ...
    // SMI exit reasons: I/O SMI and other SMI
    if (exitReason == EXIT_REASON_IO_SMI || exitReason == EXIT_REASON_OTHER_SMI)
    {
        ctrace("SMI "); // trace to serial port
        // this code doesn't execute
    }
    ...
}

I would appreciate any thoughts on handling SMM in a VT-x VMM. Thank you in advance.


The first question to ask is: do you trap on the transition into stand-by mode?

The VMM should turn VMX off before transitioning into S3. Moreover, when the system comes back from stand-by, the OSPM (the Windows OS) will get control, without going into the VMM first.

Some VMMs replace the OSPM wakeup routine with the VMM's, so that when the BIOS wakes up from S3, it will call the VMM's wakeup routine (the VMM will call the original OSPM wakeup routine).

Therefore, the problem might not be related to SMM. SMM executes by default outside the context of VMX, meaning that the VMM will not trap on SMM.

Thank you for the detailed answer.

Is there a way to run SMM code inside a guest?

SMM is a special operating mode that is transparent to the guest and OS in non-VMX mode. The PRM vol3B contains info about SMM in non-VMX mode (section 24.1) and in VMX mode (section 24.16). A typical guest (in non-VMX mode) cannot access SMM code. The VMX section discusses how to set up a dual-monitor environment to handle SMIs in a separate VMM.

Are you trying to use SMM in the dual-monitor VMX mode? What SMM functionality are you trying to access from a guest?

I want the VMM to handle the transition into SMM and the exit from it properly by running the SMM code in a guest.
The SMM monitor should intercept execution of RSM in guest and properly finish working in SMM. The SMM handler code should be left unchanged if possible.

After reading section 24.16 of 3B, I suppose these steps should be taken to enter dual-monitor treatment:
- Set IA32_SMM_MONITOR_CTL MSR
- Set MSEG header
- Activate dual-monitor treatment by executing VMCALL opcode in VMX root mode
- Set VMCS for SMM monitor
- Switch to executive monitor. When SMI occurs, control will be transferred to SMM monitor
- Intercept RSM in guest; make VM-entry with "entry to SMM" VM-entry control set to 0

However, this is only an assumption. Can you describe the process of running SMM code in dual-monitor treatment in more detail?
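The first two steps above (programming IA32_SMM_MONITOR_CTL and laying out the MSEG header) are the ones a VMM can sanity-check before it ever executes the activating VMCALL. The following is an added example, not code from this thread or from the poster's VMM: it encodes the MSR value and validates a header against the revision the CPU reports in IA32_VMX_MISC. The MSEG region size and all sample values are constructed; the field layouts follow the SDM Vol. 3 dual-monitor treatment chapter.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Layouts follow the SDM Vol. 3 dual-monitor treatment chapter; region size and
 * sample values are constructed for this example. No MSR is written here. */
#define SMM_MONITOR_CTL_VALID 0x1ULL             /* bit 0: MSEG base is valid */
#define SMM_MONITOR_CTL_MSEG_MASK 0xFFFFF000ULL  /* bits 31:12: MSEG base */
/* MSEG header: eight 32-bit fields at the start of the MSEG region. */
typedef struct {
    uint32_t revision_id;   /* must equal IA32_VMX_MISC[63:32] */
    uint32_t features;      /* bit 0: SMM monitor runs in IA-32e mode */
    uint32_t gdtr_limit;
    uint32_t gdtr_base_off; /* the *_off fields are added to the MSEG base */
    uint32_t cs_selector;
    uint32_t eip_off;
    uint32_t esp_off;
    uint32_t cr3_off;
} mseg_header_t;

/* Encode IA32_SMM_MONITOR_CTL for a 4 KiB-aligned MSEG base below 4 GiB.
 * Returns 0 on error; 0 is never a valid encoding because bit 0 would be set. */
static uint64_t encode_smm_monitor_ctl(uint64_t mseg_base)
{
    if ((mseg_base & 0xFFFULL) || (mseg_base >> 32))
        return 0;
    return (mseg_base & SMM_MONITOR_CTL_MSEG_MASK) | SMM_MONITOR_CTL_VALID;
}

/* Self-check before writing the MSR: the header revision must match what the
 * CPU reports in IA32_VMX_MISC, only feature bit 0 may be set, and each offset
 * must land inside the region the VMM allocated (ESP may be its top). */
static bool mseg_header_ok(const mseg_header_t *h, uint64_t vmx_misc, uint32_t mseg_size)
{
    if (h->revision_id != (uint32_t)(vmx_misc >> 32) || (h->features & ~1u))
        return false;
    return h->gdtr_base_off < mseg_size && h->eip_off < mseg_size &&
           h->esp_off <= mseg_size && h->cr3_off < mseg_size;
}
/* Constructed header for a 16 KiB region, checked against a CPU reporting cpu_rev. */
static bool check_sample_header(uint32_t hdr_rev, uint32_t cpu_rev)
{
    mseg_header_t h = { hdr_rev, 0, 0x17, 0x1000, 0x08, 0x2000, 0x4000, 0x3000 };
    return mseg_header_ok(&h, (uint64_t)cpu_rev << 32, 0x4000);
}

int main(void)
{
    uint64_t msr = encode_smm_monitor_ctl(0x7FFFE000ULL); /* constructed base */
    printf("msr=0x%llx ok=%d\n", (unsigned long long)msr, check_sample_header(0, 0));
    return 0;
}
```

A mismatch in either check is the kind of setup error that makes the later VMCALL fail or the SMM-transfer monitor start in an undefined state, so the VMM should refuse to program the MSR when the check fails.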
