Don't dump on the label sector or below. This avoids clobbering the

label if the dump device overflaps the label (which is a slight
misconfiguration).  Dump routines don't use dscheck(), so the normal
write protection of the label doesn't help.

Reduced some nearby overflow bugs.  In disk_dumpcheck(), there was
(fatal but fail-safe) overflow on i386's with 4GB of memory, at least
if Maxmem was the top page (can this happen?).  The fix assumes that
the sector size divides PAGE_SIZE (dump routines already assume this).
In setdumpdev(), the corresponding overflow occurred with only about
2GB of memory on all machines with 32-bit ints.  This allowed setdumpdev()
to succeed when it shouldn't have, but then disk_dumpcheck() failed
safe later.  Except in old versions of FreeBSD like RELENG_3 where
there is no disk_dumpcheck().

PR:		28164 (label clobbering part)
MFC after:	1 week

sys/kern/kern_shutdown.c

@@ -50,6 +50,7 @@
 #include <sys/buf.h>
 #include <sys/conf.h>
 #include <sys/cons.h>
+#include <sys/disklabel.h>
 #include <sys/eventhandler.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
@@ -429,8 +430,8 @@ setdumpdev(dev_t dev)
 	/*
 	 * XXX should clean up checking in dumpsys() to be more like this.
 	 */
-	newdumplo = psize - Maxmem * PAGE_SIZE / DEV_BSIZE;
-	if (newdumplo < 0)
+	newdumplo = psize - Maxmem * (PAGE_SIZE / DEV_BSIZE);
+	if (newdumplo <= LABELSECTOR)
 		return (ENOSPC);
 	dumpdev = dev;
 	dumplo = newdumplo;

sys/kern/subr_disk.c

@@ -154,8 +154,8 @@ disk_dumpcheck(dev_t dev, u_int *count, u_int *blkno, u_int *secsize)
 	dl = dsgetlabel(dev, dp->d_slice);
 	if (!dl)
 		return (ENXIO);
-	*count = (u_long)Maxmem * PAGE_SIZE / dl->d_secsize;
-	if (dumplo < 0 || 
+	*count = Maxmem * (PAGE_SIZE / dl->d_secsize);
+	if (dumplo <= LABELSECTOR || 
 	    (dumplo + *count > dl->d_partitions[dkpart(dev)].p_size))
 		return (EINVAL);
 	boff = dl->d_partitions[dkpart(dev)].p_offset +