target/i386: Pass host pointer and size to cpu_x86_{fsave,frstor}

We have already validated the memory region in the course of
validating the signal frame.  No need to do it again within
the helper function.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

linux-user/i386/signal.c

@@ -373,7 +373,7 @@ static void setup_sigcontext(CPUX86State *env,
     __put_user(env->regs[R_ESP], &sc->esp_at_signal);
     __put_user(env->segs[R_SS].selector, (uint32_t *)&sc->ss);
 
-    cpu_x86_fsave(env, fpstate_addr, 1);
+    cpu_x86_fsave(env, fpstate, sizeof(*fpstate));
     fpstate->status = fpstate->swd;
     magic = (fpkind == FPSTATE_FSAVE ? 0 : 0xffff);
     __put_user(magic, &fpstate->magic);
@@ -702,7 +702,7 @@ static bool frstor_sigcontext(CPUX86State *env, FPStateKind fpkind,
      * the merge within ENV by loading XSTATE/FXSTATE first, then
      * overriding with the FSTATE afterward.
      */
-    cpu_x86_frstor(env, fpstate_addr, 1);
+    cpu_x86_frstor(env, fpstate, sizeof(*fpstate));
     return true;
 }
 #endif

target/i386/cpu.h

@@ -2266,11 +2266,13 @@ int cpu_x86_get_descr_debug(CPUX86State *env, unsigned int selector,
 /* used for debug or cpu save/restore */
 
 /* cpu-exec.c */
-/* the following helpers are only usable in user mode simulation as
-   they can trigger unexpected exceptions */
+/*
+ * The following helpers are only usable in user mode simulation.
+ * The host pointers should come from lock_user().
+ */
 void cpu_x86_load_seg(CPUX86State *s, X86Seg seg_reg, int selector);
-void cpu_x86_fsave(CPUX86State *s, target_ulong ptr, int data32);
-void cpu_x86_frstor(CPUX86State *s, target_ulong ptr, int data32);
+void cpu_x86_fsave(CPUX86State *s, void *host, size_t len);
+void cpu_x86_frstor(CPUX86State *s, void *host, size_t len);
 void cpu_x86_fxsave(CPUX86State *s, target_ulong ptr);
 void cpu_x86_fxrstor(CPUX86State *s, target_ulong ptr);
 void cpu_x86_xsave(CPUX86State *s, target_ulong ptr, uint64_t rbfm);

target/i386/tcg/fpu_helper.c

@@ -3017,22 +3017,28 @@ void helper_xrstor(CPUX86State *env, target_ulong ptr, uint64_t rfbm)
 }
 
 #if defined(CONFIG_USER_ONLY)
-void cpu_x86_fsave(CPUX86State *env, target_ulong ptr, int data32)
+void cpu_x86_fsave(CPUX86State *env, void *host, size_t len)
 {
-    int size = (14 << data32) + 80;
-    X86Access ac;
+    X86Access ac = {
+        .haddr1 = host,
+        .size = 4 * 7 + 8 * 10,
+        .env = env,
+    };
 
-    access_prepare(&ac, env, ptr, size, MMU_DATA_STORE, 0);
-    do_fsave(&ac, ptr, data32);
+    assert(ac.size <= len);
+    do_fsave(&ac, 0, true);
 }
 
-void cpu_x86_frstor(CPUX86State *env, target_ulong ptr, int data32)
+void cpu_x86_frstor(CPUX86State *env, void *host, size_t len)
 {
-    int size = (14 << data32) + 80;
-    X86Access ac;
+    X86Access ac = {
+        .haddr1 = host,
+        .size = 4 * 7 + 8 * 10,
+        .env = env,
+    };
 
-    access_prepare(&ac, env, ptr, size, MMU_DATA_LOAD, 0);
-    do_frstor(&ac, ptr, data32);
+    assert(ac.size <= len);
+    do_frstor(&ac, 0, true);
 }
 
 void cpu_x86_fxsave(CPUX86State *env, target_ulong ptr)