I am getting an EPT Violation with bits 0, 1, 7, and 8 set in the exit qualification field. However, bit 6 is cleared in the EPTP. The spec indicates that it is only possible for both bits 0 and 1 to be set for the exit qualification if bit 6 is set in EPTP:
"1. If accessed and dirty flags for EPT are enabled, processor accesses to guest paging-structure entries are treated as writes with regard to EPT violations (see Section 188.8.131.52). If such an access causes an EPT violation, the processor sets both bit 0 and bit 1 of the exit qualification."
Are there other circumstances that would cause both bits 0 and 1 to be set? The address on which the EPT Violation is occurring is read only by the OS, so an access treated as a write, would be a problem. Thanks for any insight you can provide.