target-i386: Fixed syscall posssible segfault

In user-mode emulation env->idt.base memory is
allocated in linux-user/main.c with
size 8*512 = 4096 (for 64-bit).
When fake interrupt EXCP_SYSCALL is thrown
do_interrupt_user checks destination privilege level
for this fake exception, and tries to read 4 bytes
at address base + (256 * 2^4)=4096, that causes
segfault.

Privlege level was checked only for int's, so lets
read dpl from memory only for this case.

Signed-off-by: Stanislav Shmarov <snarpix@gmail.com>
Message-Id: <1473773008-2588376-1-git-send-email-snarpix@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386/seg_helper.c

@@ -1137,6 +1137,7 @@ static void do_interrupt_real(CPUX86State *env, int intno, int is_int,
 static void do_interrupt_user(CPUX86State *env, int intno, int is_int,
                               int error_code, target_ulong next_eip)
 {
+    if (is_int) {
         SegmentCache *dt;
         target_ulong ptr;
         int dpl, cpl, shift;
@@ -1154,9 +1155,10 @@ static void do_interrupt_user(CPUX86State *env, int intno, int is_int,
         dpl = (e2 >> DESC_DPL_SHIFT) & 3;
         cpl = env->hflags & HF_CPL_MASK;
         /* check privilege if software int */
-    if (is_int && dpl < cpl) {
+        if (dpl < cpl) {
             raise_exception_err(env, EXCP0D_GPF, (intno << shift) + 2);
         }
+    }
 
     /* Since we emulate only user space, we cannot do more than
        exiting the emulation with the suitable exception and error