Juzt implemented it to send it to all CPUs through the IO APIC (IR line 23). The IO APIC in turn either sends it to all CPUs (if masked) or handle it itself (sending to one or more specified CPUs or all CPUs through the APIC bus instead).

Just found out a bit more about it:
http://datasheets.chipdb.org/Intel/x86/Pentiu … te/24333743.pdf

So apparently, when a P6 (Pentium Pro/II) receives a SMI, the following happens:
- If it's a BSP, it will trigger SMM right away (on a instruction boundary of course) and stop HLT when in said state.
- If it's not a BSP that's waiting for a SIPI (after RESET or INIT), it will trigger the SMM immediately when receiving the SIPI, after the initial state of the SIPI has been loaded (it's kept pending on the CPU until SIPI wakes it up). If it's already woken up, it will of course trigger a SMM on the instruction boundary (and leave HLT if it was in HLT state).

So basically, if the BSP is running (it always is) and the other CPUs are in INIT state, the following happens:
- SMI arrives at the BSP. It's fired on the instruction boundary and triggers SMM.
- SMI also arrives on the other CPUs or cores. It will keep it pending. When the CPU receives the SMI through any means, it will start pending said SMI. When it eventually receives a SIPI, the SIPI executes and initializes the CPU normally, then immediately triggers the switch to SMM.

I'd assume that the SMM on a non-BSP has priority over the SIPI execution of the first instruction? So the SIPI initializes the CPU state, which then immediately (before execution the initial instruction) triggers SMM. SMM executes and then returns to the very first instruction that the SIPI was pointing to using CS:IP.

Would that be correct behaviour?