Logging Events into Buffers

When an event log type is successfully enabled as described in Enabling and Disabling Event Logging, the hypervisor can begin logging from the specified event sources. As logging proceeds, the hypervisor selects free buffers on demand from the event log buffer group to become the active buffer and places the buffers in the "in use" state. For types that use the global buffer class, at most one buffer will be active at any time. For types that use the local buffer class, at most one buffer per logical processor will be "in use" at any time. The hypervisor will select local buffers based on the logical processor that the local buffer class is associated with. When any "in use" buffer cannot hold another entry (or the guest flushes active buffers), the buffer is placed in the "complete" state. When the number of buffers in the "complete" state reaches the threshold value that is defined at initialization time, the hypervisor places the buffers into a "ready" state and sends an "event log buffers ready" message to the guest. The message passes a list of buffers that are ready for the guest to examine. Note that the list might contain more buffers than the threshold value setting. For more information about this "event log buffers ready" message, see Event Log Buffers Ready Message.

A buffer header will be present at the start of each buffer, possibly followed by a series of event log entries. These entries are added to the buffer in a packed, sequential manner. There might be unused space at the end of the buffer. The buffer remains in the control (read-only) of the guest until the guest calls the HvReleaseEventLogBuffer hypercall function to release the buffer back into the buffer group to be placed on the free list for reuse.

If the hypervisor is unable to obtain a free buffer when an event is ready to be recorded, the event will be lost. A mechanism to detect the loss of event messages is provided.

Send comments about this topic to Microsoft

Build date: 11/16/2013