Don't dump on the label sector or below. This avoids clobbering the

label if the dump device overflaps the label (which is a slight
misconfiguration).  Dump routines don't use dscheck(), so the normal
write protection of the label doesn't help.

Reduced some nearby overflow bugs.  In disk_dumpcheck(), there was
(fatal but fail-safe) overflow on i386's with 4GB of memory, at least
if Maxmem was the top page (can this happen?).  The fix assumes that
the sector size divides PAGE_SIZE (dump routines already assume this).
In setdumpdev(), the corresponding overflow occurred with only about
2GB of memory on all machines with 32-bit ints.  This allowed setdumpdev()
to succeed when it shouldn't have, but then disk_dumpcheck() failed
safe later.  Except in old versions of FreeBSD like RELENG_3 where
there is no disk_dumpcheck().

PR:		28164 (label clobbering part)
MFC after:	1 week

1 files changed, 3 insertions, 2 deletions

diff --git a/sys/kern/kern_shutdown.c b/sys/kern/kern_shutdown.c
index d971ba4..91f45ab 100644
--- a/sys/kern/kern_shutdown.c
+++ b/sys/kern/kern_shutdown.c
@@ -50,6 +50,7 @@
 #include <sys/buf.h>
 #include <sys/conf.h>
 #include <sys/cons.h>
+#include <sys/disklabel.h>
 #include <sys/eventhandler.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
@@ -429,8 +430,8 @@ setdumpdev(dev_t dev)
 	/*
 	 * XXX should clean up checking in dumpsys() to be more like this.
 	 */
-	newdumplo = psize - Maxmem * PAGE_SIZE / DEV_BSIZE;
-	if (newdumplo < 0)
+	newdumplo = psize - Maxmem * (PAGE_SIZE / DEV_BSIZE);
+	if (newdumplo <= LABELSECTOR)
 		return (ENOSPC);
 	dumpdev = dev;
 	dumplo = newdumplo;