I write a piece of code to test the action of Accessed and Dirty bit of EPT in Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz. Firstly I build a totally new EPT paging structure with A/D logging on, then run some operating system codes and log all the EPT violation (say trap log). At some point I paused the OS, parse the EPT paging structure and log all the entries built in the past period (say A/D log).
Here I get some interesting points:
- Some EPT entries are built without either Accessed or Dirty bit set, does this mean that CPU only construct these entries but doesn't touch them?
- Some entries only exist in A/D log. Does A/D logging module has some bias or some mistake?
These two logs (trap log and A/D log) should be the same according to my understanding, and when I tried in the previous CPU with A/D bit supporting, these two logs are exactly the same, though I cannot distinguish Accessed or Dirty in A/D log.