From: Kishon Vijay Abraham I <kvijayab@amd.com>

Unlike standard SVM which uses the V_GIF (Virtual Global Interrupt Flag)
bit in the VMCB, Secure AVIC ignores this field.

Instead, the hardware requires an equivalent V_GIF bit to be set within
the vintr_ctrl field of the VMSA (Virtual Machine Save Area). Failure
to set this bit will cause the hardware to block all interrupt delivery,
rendering the guest non-functional.

To enable interrupts for Secure AVIC guests, modify sev_es_sync_vmsa()
to unconditionally set the V_GIF_MASK in the VMSA's vintr_ctrl field
whenever Secure AVIC is active. This ensures the hardware correctly
identifies the guest as interruptible.

Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
 arch/x86/kvm/svm/sev.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 837ab55a3330..2dee210efb37 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -884,6 +884,9 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm)
 
 	save->sev_features = sev->vmsa_features;
 
+	if (sev_savic_active(vcpu->kvm))
+		save->vintr_ctrl |= V_GIF_MASK;
+
 	/*
 	 * Skip FPU and AVX setup with KVM_SEV_ES_INIT to avoid
 	 * breaking older measurements.
-- 
2.34.1