EPT Violation


I am getting an EPT Violation with bits 0, 1, 7, and 8 set in the exit qualification field.  However, bit 6 is cleared in the EPTP.  The spec indicates that it is only possible for both bits 0 and 1 to be set for the exit qualification if bit 6 is set in EPTP: 

"1. If accessed and dirty flags for EPT are enabled, processor accesses to guest paging-structure entries are treated as writes with regard to EPT violations (see Section If such an access causes an EPT violation, the processor sets both bit 0 and bit 1 of the exit qualification."

Are there other circumstances that would cause both bits 0 and 1 to be set? The address on which the EPT Violation is occurring is read only by the OS, so an access treated as a write would be a problem. Thanks for any insight you can provide.


Hi Michelle,

Here is some feedback from my peer:


At the bottom of page 27-6 of Volume 3 of the SDM (revision 057), the text reads, "An EPT violation that occurs during as a result of execution of a read-modify-write operation sets bit 1 (data write). Whether it also sets bit 0 (data read) is implementation-specific and, for a given implementation, may differ for different kinds of read-modify-write operations."

This setting of both bits 0 and 1 can occur regardless of the value of bit 6 of EPTP.


Regards, Thai
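
The two cases discussed in this thread can be told apart from the exit qualification itself. The following is an added example, not code from the thread or from Intel: it uses bits 7 and 8 of the exit qualification as defined in the SDM's EPT-violation table (bit 7: guest linear address valid; bit 8, when bit 7 is set: the access was to the translation of the linear address rather than to a guest paging-structure entry). The enum names and the sample EPTP value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Exit-qualification bits for EPT violations (Intel SDM Vol. 3). */
#define EQ_DATA_READ   (1ULL << 0)
#define EQ_DATA_WRITE  (1ULL << 1)
#define EQ_GLA_VALID   (1ULL << 7)  /* guest linear-address field is valid */
#define EQ_GLA_XLAT    (1ULL << 8)  /* meaningful only when bit 7 is set */
#define EPTP_AD_ENABLE (1ULL << 6)  /* accessed/dirty flags for EPT enabled */

/* Hypothetical names for this example. */
enum rw_cause {
    RW_NOT_BOTH,          /* bits 0 and 1 are not both set */
    RW_PAGING_STRUCT_AD,  /* guest paging-structure access treated as a write */
    RW_READ_MODIFY_WRITE, /* consistent with RMW on the translated address */
    RW_UNDETERMINED       /* not explained by either case from the thread */
};

/* Classify why an EPT violation reports both data read and data write. */
enum rw_cause classify_rw(uint64_t qual, uint64_t eptp)
{
    const uint64_t both = EQ_DATA_READ | EQ_DATA_WRITE;

    if ((qual & both) != both)
        return RW_NOT_BOTH;
    if (!(qual & EQ_GLA_VALID))
        return RW_UNDETERMINED;      /* bit 8 cannot be interpreted */
    if (qual & EQ_GLA_XLAT)
        return RW_READ_MODIFY_WRITE; /* access hit the final translation */
    /* Bit 8 clear: the access was to a guest paging-structure entry. */
    return (eptp & EPTP_AD_ENABLE) ? RW_PAGING_STRUCT_AD : RW_UNDETERMINED;
}

int main(void)
{
    static const char *names[] = {
        "not both", "paging-structure access (EPT A/D enabled)",
        "read-modify-write", "undetermined"
    };
    uint64_t qual = 0x183; /* bits 0, 1, 7, 8: the case in the question */
    uint64_t eptp = 0x1e;  /* constructed: WB, 4-level walk, bit 6 clear */

    printf("qual=%#llx eptp=%#llx -> %s\n", (unsigned long long)qual,
           (unsigned long long)eptp, names[classify_rw(qual, eptp)]);
    return 0;
}
```

With bit 8 set, the faulting access was to the data page itself and not to a guest page-table entry, so the accessed/dirty footnote would not apply to the reported value even if EPTP bit 6 were set.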