The existing guest_apic_protected boolean flag is insufficient for handling different protected guest technologies. While both Intel TDX and AMD SNP (with Secure AVIC) protect the virtual APIC, they use fundamentally different interrupt delivery mechanisms. TDX relies on hardware-managed Posted Interrupts, whereas Secure AVIC requires KVM to perform explicit software-based interrupt injection. The current flag cannot distinguish between these two models. To address this, introduce a new flag, prot_apic_intr_inject. This flag is true for protected guests that require KVM to inject interrupts and false for those that use a hardware-managed delivery mechanism. This preparatory change allows subsequent commits to implement the correct interrupt handling logic for Secure AVIC. Signed-off-by: Neeraj Upadhyay --- arch/x86/kvm/lapic.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index 72de14527698..f48218fd4638 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h @@ -70,7 +70,10 @@ struct kvm_lapic { bool irr_pending; bool lvt0_in_nmi_mode; /* Select registers in the vAPIC cannot be read/written. */ - bool guest_apic_protected; + struct { + bool guest_apic_protected; + bool prot_apic_intr_inject; + }; /* Number of bits set in ISR. */ s16 isr_count; /* The highest vector set in ISR; if -1 - invalid, must scan ISR. */ -- 2.34.1
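Review bot: In the struct kvm_lapic hunk, the new prot_apic_intr_inject field has no comment, and the existing "Select registers in the vAPIC cannot be read/written." comment now sits above the anonymous struct although it describes only guest_apic_protected. Suggest keeping that comment directly on guest_apic_protected and adding one on prot_apic_intr_inject that carries the semantics from the commit message (true when KVM must inject interrupts in software, false when delivery is hardware-managed) and states whether the flag is only meaningful while guest_apic_protected is set. The anonymous struct wrapper should also be justified or dropped: two adjacent bools are accessed the same way, and nothing in this hunk sets or reads the new flag, so the reason for the grouping is not visible here.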