Hi, I have done similar things posted in http://article.gmane.org/gmane.comp.emulators.kvm.devel/95342/match=tracking+guest+writes+ept . However, I found some very weird situations. Basically, in the guest vm, I allocate a chunk of memory (with size of a page) in a user level program. Through a guest kernel level module and my self defined hypercall, I pass the gva of this memory to kvm. Then I try different methods in the hypercall handler to write protect this page of memory. You can see that I want to write protect it through ETP instead of write protected in the guest page tables. 1. I use kvm_mmu_gva_to_gpa_read to translate the gva into gpa. Based on the function, kvm_mmu_get_spte_hierarchy(vcpu, gpa, spte[4]), I change the codes to read sptep (the pointer to spte) instead of spte, so I can modify the spte corresponding to this gpa. What I observe is that if I modify spte[0] (I think this is the lowest level page table entry corresponding to EPT table; I can successfully modify it as the changes are reflected in the result of calling kvm_mmu_get_spte_hierarchy again), but my user level program in vm can still write to this page. In this post, it mentioned (the shadow pages in the highest level (level = 4 on EPT)), I don't understand this part. Does this mean I have to modify spte[3] instead of spte[0]? I just try modify spte[1] and spte[3], both can cause vmexit. So I am totally confused about the meaning of level used in shadow page table and its relations to shadow page table. Can you help me to understand this? 2. As suggested by this post, I also use rmap_write_protect() to write protect this page. With kvm_mmu_get_spte_hierarchy(vcpu, gpa, spte[4]), I still can see that spte[0] gives me results like xxxxxx005, this means that the function is called successfully and write protected bit is cleared in pte. But still I can write to this page. I even try the function kvm_age_hva() to remove this spte, this gives me 0 of spte[0], but I still can write to this page. So I am further confused about the level used in the shadow page? Really thanks and appreciate your reply. Hugo -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html