kernel: prohibit changing cache attributes (SG_CACHED|SG_DEVICE) in segattach(), set SG_RONLY in data2txt()

the user should not be able to change the cache
attributes for a segment in segattach() as this
can cause the same memory to be mapped with
conflicting attributes in the cache.

SG_TEXT should always be mapped with SG_RONLY
attribute. so fix data2txt() to follow the rules.

sys/src/9/port/segment.c

@@ -177,8 +177,8 @@ dupseg(Segment **seg, int segno, int share)
 	case SG_DATA:		/* Copy on write plus demand load info */
 		if(segno == TSEG){
 			n = data2txt(s);
-			poperror();
 			qunlock(s);
+			poperror();
 			return n;
 		}
 
@@ -200,14 +200,14 @@ dupseg(Segment **seg, int segno, int share)
 	n->flushme = s->flushme;
 	if(s->ref > 1)
 		procflushseg(s);
-	poperror();
 	qunlock(s);
+	poperror();
 	return n;
 
 sameseg:
 	incref(s);
-	poperror();
 	qunlock(s);
+	poperror();
 	return s;
 }
 
@@ -680,8 +680,11 @@ segattach(int attr, char *name, uintptr va, uintptr len)
 	if(len > ps->size)
 		error(Enovmem);
 
-	attr &= ~SG_TYPE;		/* Turn off what is not allowed */
-	attr |= ps->attr;		/* Copy in defaults */
+	/* Turn off what is not allowed */
+	attr &= ~(SG_TYPE | SG_CACHED | SG_DEVICE);
+
+	/* Copy in defaults */
+	attr |= ps->attr;
 
 	s = newseg(attr, va, len/BY2PG);
 	s->pseg = ps;
@@ -788,7 +791,7 @@ data2txt(Segment *s)
 {
 	Segment *ps;
 
-	ps = newseg(SG_TEXT, s->base, s->size);
+	ps = newseg(SG_TEXT | SG_RONLY, s->base, s->size);
 	ps->image = s->image;
 	incref(ps->image);
 	ps->fstart = s->fstart;

sys/src/9/port/sysproc.c

@@ -512,7 +512,7 @@ sysexec(va_list list)
 
 	/* Text.  Shared. Attaches to cache image if possible */
 	/* attachimage returns a locked cache image */
-	img = attachimage(SG_TEXT|SG_RONLY, tc, UTZERO, (t-UTZERO)>>PGSHIFT);
+	img = attachimage(SG_TEXT | SG_RONLY, tc, UTZERO, (t-UTZERO)>>PGSHIFT);
 	ts = img->s;
 	up->seg[TSEG] = ts;
 	ts->flushme = 1;