x86/sev: Initialize VGIF for secondary vCPUs for Secure AVIC

Virtual GIF (VGIF) provides masking capability for when virtual interrupts
(virtual maskable interrupts, virtual NMIs) can be taken by the guest vCPU.

The Secure AVIC hardware reads VGIF state from the vCPU's VMSA. So, set VGIF for
secondary CPUs (the configuration for the boot CPU is done by the hypervisor),
to unmask delivery of virtual interrupts  to the vCPU.

Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tianyu Lan <tiala@microsoft.com>
Link: https://lore.kernel.org/20250828111141.208920-1-Neeraj.Upadhyay@amd.com

diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index da9fa9d7254b6184910147b3e0e6f9924fd866db..37b1d41e68d0d7c5f90f26fd0bb34336feed798e 100644 (file)
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -974,6 +974,9 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned long start_ip, unsigned
        vmsa->x87_ftw           = AP_INIT_X87_FTW_DEFAULT;
        vmsa->x87_fcw           = AP_INIT_X87_FCW_DEFAULT;
 
+       if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
+               vmsa->vintr_ctrl        |= V_GIF_MASK;
+
        /* SVME must be set. */
        vmsa->efer              = EFER_SVME;