background image

Vol. 3C 28-11

VMX SUPPORT FOR ADDRESS TRANSLATION

i) If the access fails because of an EPT misconfiguration or an EPT violation (see above), an EPT-induced 

VM exit occurs.

ii) If the access does not cause an EPT-induced VM exit, memory is accessed using the ultimate physical 

address (the translation, using EPT, of the ultimate guest-physical address).

If CR0.PG = 0, a linear address is treated as a guest-physical address and is translated using EPT (see above). This 
process, if it completes without an EPT violation or EPT misconfiguration, produces a physical address and deter-
mines the privileges allowed by the EPT paging-structure entries. If these privileges do not allow the access to the 
physical address (see Section 28.2.3.2), an EPT violation occurs. Otherwise, memory is accessed using the phys-
ical address.

28.2.4 

Accessed and Dirty Flags for EPT

The Intel 64 architecture supports accessed and dirty flags in ordinary paging-structure entries (see Section 
4.8). Some processors also support corresponding flags in EPT paging-structure entries. Software should read the 
VMX capability MSR IA32_VMX_EPT_VPID_CAP (see Appendix A.10) to determine whether the processor supports 
this feature.
Software can enable accessed and dirty flags for EPT using bit 6 of the extended-page-table pointer (EPTP), a VM-
execution control field (see Table 24-8 in Section 24.6.11). If this bit is 1, the processor will set the accessed and 
dirty flags for EPT as described below. In addition, setting this flag causes processor accesses to guest paging-
structure entries to be treated as writes (see below and Section 28.2.3.2).
For any EPT paging-structure entry that is used during guest-physical-address translation, bit 8 is the accessed 
flag. For a EPT paging-structure entry that maps a page (as opposed to referencing another EPT paging structure), 
bit 9 is the dirty flag.
Whenever the processor uses an EPT paging-structure entry as part of guest-physical-address translation, it sets 
the accessed flag in that entry (if it is not already set).
Whenever there is a write to a guest-physical address, the processor sets the dirty flag (if it is not already set) in 
the EPT paging-structure entry that identifies the final physical address for the guest-physical address (either an 
EPT PTE or an EPT paging-structure entry in which bit 7 is 1).
When accessed and dirty flags for EPT are enabled, processor accesses to guest paging-structure entries are 
treated as writes (see Section 28.2.3.2). Thus, such an access will cause the processor to set the dirty flag in the 
EPT paging-structure entry that identifies the final physical address of the guest paging-structure entry.
(This does not apply to loads of the PDPTE registers for PAE paging by the MOV to CR instruction; see Section 4.4.1. 
Those loads of guest PDPTEs are treated as reads and do not cause the processor to set the dirty flag in any EPT 
paging-structure entry.)
These flags are “sticky,” meaning that, once set, the processor does not clear them; only software can clear them.
A processor may cache information from the EPT paging-structure entries in TLBs and paging-structure caches 
(see Section 28.3). This fact implies that, if software changes an accessed flag or a dirty flag from 1 to 0, the 
processor might not set the corresponding bit in memory on a subsequent access using an affected guest-physical 
address.

28.2.5 Page-Modification 

Logging

When accessed and dirty flags for EPT are enabled, software can track writes to guest-physical addresses using a 
feature called page-modification logging.
Software can enable page-modification logging by setting the “enable PML” VM-execution control (see Table 24-7 
in Section 24.6.2). When this control is 1, the processor adds entries to the page-modification log as described 
below. The page-modification log is a 4-KByte region of memory located at the physical address in the PML address 
VM-execution control field. The page-modification log consists of 512 64-bit entries; the PML index VM-execution 
control field indicates the next entry to use.
Before allowing a guest-physical access, the processor may determine that it first needs to set an accessed or dirty 
flag for EPT (see Section 28.2.4). When this happens, the processor examines the PML index. If the PML index is