disallow user to map the zeropage with segattach. an va of zero already means "map in some free area". so an va of 1-pagesize will error out.
Reference: /n/sources/patch/applied/kernel-segattch-zeropage
Date: Fri Apr 16 17:30:18 CES 2010
Signed-off-by: cinap_lenrek@gmx.de
--- /sys/src/9/port/segment.c Fri Apr 16 17:30:07 2010
+++ /sys/src/9/port/segment.c Fri Apr 16 17:30:04 2010
@@ -676,19 +676,24 @@
 * Starting at the lowest possible stack address - len,
 * check for an overlapping segment, and repeat at the
 * base of that segment - len until either a hole is found
- * or the address space is exhausted.
+ * or the address space is exhausted. make sure we dont
+ * map the zero page.
 */
 if(va == 0) {
- va = p->seg[SSEG]->base - len;
- for(;;) {
- os = isoverlap(p, va, len);
- if(os == nil)
- break;
+ os = p->seg[SSEG];
+ do {
 va = os->base;
- if(len > va)
+ if(len >= va)
 error(Enovmem);
 va -= len;
- }
+ os = isoverlap(p, va, len);
+ } while(os != nil);
+ } else {
+ va = va&~(BY2PG-1);
+ if(va == 0 || va >= USTKTOP)
+ error(Ebadarg);
+ if(isoverlap(p, va, len) != nil)
+ error(Esoverlap);
 }
 va = va&~(BY2PG-1);
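Review bot: The new else branch bounds only the start of the caller-supplied range: `va >= USTKTOP` is rejected, but nothing visible in the hunk checks that `va + len` stays at or below USTKTOP or does not wrap around. Unless len is already bounded earlier in the function (its body begins and ends outside this hunk), the guard could read `if(va == 0 || va >= USTKTOP || len > USTKTOP - va)`. On the `va == 0` path the trailing `va = va&~(BY2PG-1);` rounds down only after the overlap search has finished, so the result stays clear of page zero and of the segment below only if len and the segment bases are page-aligned. A comment stating that assumption would help, e.g. `/* len and os->base are page-aligned, so va stays >= BY2PG */`. The same trailing mask is now redundant on the else path, which has already aligned va.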