Are there any scenario where VMM will fail to inject an interrupt into a guest on Interrupt window exit?

Question

I am working on a custom Type 2 Hypervisor. My question is related to interrupt injection of emulated devices in the guest.

Scenario: The guest did some vmexit, before the next vmresume VMM found out that there is a pending interrupt present in the emulated interrupt controller. VMM requests for Interrupt Window Exit(IWE) on the subsequent vmresume. Once we get an IWE VMM writes the interrupt info into VM-entry interruption-information field 4016H and resumes guest execution.

Question: Is it guaranteed that the interrupt will be injected in the guest and handled through the guest IDT? Are there cases where interrupt injection can fail?

I am seeing a scenario where instead of going into the corresponding guest IDT entry, the guest resumes and starts executing something else in the guest kernel.

Details: Windows 64 bit guest, Intel VTx

Answer 1

There are reasons that an interrupt cannot be injected, but they will cause vm entry failure; it will never just ignore the injected interrupt. Examples are if IF is clear or if the previous instruction loaded SS, so interrupts are blocked for one instruction. However, when those cases apply, you wouldn’t have gotten an interrupt window exit.

Probably the interrupt wasn’t injected. One reason I can think of that that could happen is if the vm-entry interrupt information field was set up to deliver a fault, so an interrupt can’t be delivered at the same time.