
I am writing some firmware code running in System Management Mode (SMM) on an Intel platform. I want to fully understand how my SMI handler gets started.

I read from the Intel Manual that:

The only way to enter SMM is by signaling an SMI through the SMI# pin on the processor or through an SMI message received through the APIC bus.

And I also read that a synchronous SMI can be triggered by writing to an I/O port.

My understanding is like this:

SMM is just a special operating mode of a processor. Based on my previous experience, whenever I want to change the state of a processor, such as enabling paging or entering protected mode, I usually modify the control registers or Model Specific Registers (MSRs). These registers are part of the processor, and I can accept that some internal magic happens if I change some bits of them.

But what does the above I/O port mean? Where does this port point to? If writing to a port can trigger an SMI as well, how is the port-writing approach related to the canonical ways of the SMI# pin and the SMI message? And is this port number changeable?

smwikipedia
  • The CPU enters the SMM upon an assertion of the SMI# pin. This assertion can be virtual, by means of reprogramming the LAPIC pins configuration and then triggering a suitable interrupt, or physical. Since a pin is, by definition, an input from the external, the CPU needs an external device to drive the SMI# pin physically. This is usually the PCH. The PCH is controlled through MMIO or dedicated IO, the latter takes the form of a write into the IO address space at a specific address. – Margaret Bloom Jun 13 '17 at 09:39
  • While memory addresses identify memory locations (a.k.a. words), io addresses identify IO ports. That's just a name, in the end, they are all transactions into the DMI/QPI/DDR bus with their data, address and type (memory vs io). I'm not aware of any standard IO port that asserts the SMI#, I have an Intel Chipset 200 datasheet that has a PM unit that can easily trigger an SMI but that's just a specific case. Each chipset has its layout of registers, ports usually come in continuous blocks, the base address can be changed but the layout cannot. – Margaret Bloom Jun 13 '17 at 09:40
  • The layout can be standardised though. Regarding the SMI message: PCI/PCIe introduced MSI (Message Signaling Interrupt) - they are transactions (they are true writes to specific addresses) on the bus that the IOAPIC or LAPIC snoop and convert to an interrupt. Using transactions instead of wires offers huge benefits in terms of routing. One of these MSIs can be used to trigger an SMI, hence the name SMI message. – Margaret Bloom Jun 13 '17 at 09:40
  • Are you asking about a standard way to trigger the SMI through IO or how writing to a port can trigger an SMI? The former does not exist, the latter can be elaborated into an answer :) – Margaret Bloom Jun 13 '17 at 09:42
  • A thing: what Intel calls an SMI message in the APIC bus is probably an internal message used in the obsolete APIC architecture that used a 3-wire dedicated bus. – Margaret Bloom Jun 13 '17 at 09:49
  • Thanks! I am reading some PCH part firmware code and see if I can get a picture of the whole SMI story. Then I will come back with more findings/questions. :) – smwikipedia Jun 13 '17 at 11:53
  • It seems the interrupt mechanism has gone through such an evolution: `processor pins -> 8259A -> APIC -> MSI`. – smwikipedia Jul 24 '17 at 00:23
  • @smwikipedia processor pins -> 8259A -> I/O APIC -> MSI -> MSI-x. The IOAPIC has an 8259A mode and I think PCIe TLPs can emulate the INTA sequence. The IOAPIC is still used by the RTC and ps2 interrupts; it's just an interface to generate MSI interrupts for devices that don't support it. All PCIe devices still support IOAPIC routing and use the pin section in the configuration space to emulate an interrupt packet which is handled by the bridge – Lewis Kelsey Mar 28 '19 at 11:57
  • Although I'm not sure about that. I'm sure PCI had a transaction type that allowed for 8086 INTA cycle emulation but I don't think PCIe does. I think possibly the I/O APIC has wires that directly connect to LINT0 and LINT1 for when it is in 8259A mode but since the I/O APIC has been moved to the die it could just be internally hardwired. I'm not sure if interrupt redirection still works or whether it all goes to a dedicated core. @MargaretBloom what do you know about that? – Lewis Kelsey Mar 28 '19 at 15:08
  • @LewisKelsey I would have to brush up on the specs a bit, what I remember is that PCI had the INTA/B/C/D lines that can go either to the IOAPIC or the PIC. Both the PIC and IO APIC were in the south bridge (today they are in the PCH and in the die only if the PCH is). There was a routing logic to map the PCI INTx lines to the IRQx pins of the PIC. The IOAPIC doesn't need it, so the routing may be hardwired for it. The PCI itself should not be aware of the INTA bus cycle (which was an ISA thing), instead the INTx lines connect to an interrupt controller (PIC or IOAPIC). – Margaret Bloom Mar 28 '19 at 16:47
  • The way the PIC and the APICs are used defines the mode (e.g. Virtual Wire Mode, Symmetric IO, PIC mode). PCIe still has legacy interrupts plus MSI and MSI-X. Since MSIs are very flexible they are increasingly used and the IO APIC is being deprecated. See [this](https://www.manualslib.com/manual/77733/Intel-Multiprocessor.html?page=28#manual) for the IOAPIC/APIC/PIC mode and [this](https://www.xilinx.com/Attachment/Xilinx_Answer_58495_PCIe_Interrupt_Debugging_Guide.pdf) for the PCIe interrupts. – Margaret Bloom Mar 28 '19 at 16:47
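An added example, not from the question or the comments above: the "SMI message" the comments describe is just an MSI whose data word selects the SMI delivery mode, so a firmware or hypervisor that audits device MSI configuration can decode the address/data pair the way the LAPIC does and flag any device programmed for SMI (or NMI/INIT/ExtINT) delivery. The bit layout follows the Intel SDM's MSI Message Address/Data Register format; the register values below are constructed samples, not read from real hardware.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Fields of an MSI address/data pair as the LAPIC interprets them. */
typedef struct {
    bool    valid;          /* address lies in the 0xFEExxxxx LAPIC window */
    uint8_t dest_id;        /* address bits 19:12 */
    bool    redirect_hint;  /* address bit 3 */
    bool    logical_dest;   /* address bit 2 (1 = logical destination mode) */
    uint8_t vector;         /* data bits 7:0 */
    uint8_t delivery_mode;  /* data bits 10:8 */
    bool    level_trigger;  /* data bit 15 */
} msi_fields;

/* Delivery mode encodings from the SDM's Message Data Register format. */
enum { MSI_DM_FIXED = 0, MSI_DM_LOWPRI = 1, MSI_DM_SMI = 2,
       MSI_DM_NMI = 4, MSI_DM_INIT = 5, MSI_DM_EXTINT = 7 };

msi_fields msi_decode(uint32_t addr, uint32_t data) {
    msi_fields f = {0};
    f.valid         = (addr >> 20) == 0xFEE;
    f.dest_id       = (addr >> 12) & 0xFF;
    f.redirect_hint = (addr >> 3) & 1;
    f.logical_dest  = (addr >> 2) & 1;
    f.vector        = data & 0xFF;
    f.delivery_mode = (data >> 8) & 7;
    f.level_trigger = (data >> 15) & 1;
    return f;
}

/* Audit policy (hypothetical): a device may only use Fixed or
 * Lowest-Priority delivery; anything else, or an address outside the
 * LAPIC window, is flagged for the platform owner to investigate. */
bool msi_is_suspicious(uint32_t addr, uint32_t data) {
    msi_fields f = msi_decode(addr, data);
    if (!f.valid) return true;
    return f.delivery_mode != MSI_DM_FIXED && f.delivery_mode != MSI_DM_LOWPRI;
}

int main(void) {
    /* Constructed samples: a normal vector-0x40 MSI to APIC ID 1,
     * and the same destination programmed for SMI delivery. */
    uint32_t samples[][2] = { {0xFEE01000u, 0x0040u}, {0xFEE01000u, 0x0200u} };
    for (int i = 0; i < 2; i++) {
        msi_fields f = msi_decode(samples[i][0], samples[i][1]);
        printf("dest=%u vector=0x%02x dm=%u suspicious=%d\n", f.dest_id,
               f.vector, f.delivery_mode, msi_is_suspicious(samples[i][0], samples[i][1]));
    }
    return 0;
}
```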
