x86: make more use of wr{f,g}sbase()

With suitable canonical address checks added these can also be used in
do_set_segment_base().

Also with a canonical address check now in place, there's no need for
priv_op_write_msr() to use wrmsr_safe() anymore.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -2613,9 +2613,9 @@ static int priv_op_write_msr(unsigned in
         return X86EMUL_OKAY;
 
     case MSR_SHADOW_GS_BASE:
-        if ( is_pv_32bit_domain(currd) || !is_canonical_address(val) ||
-             wrmsr_safe(MSR_SHADOW_GS_BASE, val) )
+        if ( is_pv_32bit_domain(currd) || !is_canonical_address(val) )
             break;
+        wrmsrl(MSR_SHADOW_GS_BASE, val);
         curr->arch.pv_vcpu.gs_base_user = val;
         return X86EMUL_OKAY;
 
--- a/xen/arch/x86/x86_64/mm.c
+++ b/xen/arch/x86/x86_64/mm.c
@@ -1037,24 +1037,33 @@ long do_set_segment_base(unsigned int wh
     switch ( which )
     {
     case SEGBASE_FS:
-        if ( wrmsr_safe(MSR_FS_BASE, base) )
-            ret = -EFAULT;
-        else
+        if ( is_canonical_address(base) )
+        {
+            wrfsbase(base);
             v->arch.pv_vcpu.fs_base = base;
+        }
+        else
+            ret = -EINVAL;
         break;
 
     case SEGBASE_GS_USER:
-        if ( wrmsr_safe(MSR_SHADOW_GS_BASE, base) )
-            ret = -EFAULT;
-        else
+        if ( is_canonical_address(base) )
+        {
+            wrmsrl(MSR_SHADOW_GS_BASE, base);
             v->arch.pv_vcpu.gs_base_user = base;
+        }
+        else
+            ret = -EINVAL;
         break;
 
     case SEGBASE_GS_KERNEL:
-        if ( wrmsr_safe(MSR_GS_BASE, base) )
-            ret = -EFAULT;
-        else
+        if ( is_canonical_address(base) )
+        {
+            wrgsbase(base);
             v->arch.pv_vcpu.gs_base_kernel = base;
+        }
+        else
+            ret = -EINVAL;
         break;
 
     case SEGBASE_GS_USER_SEL: