Index: sys/dev/dksubr.c
===================================================================
RCS file: /cvsroot/src/sys/dev/dksubr.c,v
retrieving revision 1.101
diff -u -r1.101 dksubr.c
--- sys/dev/dksubr.c	4 Dec 2017 22:15:52 -0000	1.101
+++ sys/dev/dksubr.c	28 Apr 2018 14:55:39 -0000
@@ -762,10 +762,11 @@
     daddr_t blkno, void *vav, size_t size)
 {
 	const struct dkdriver *dkd = dksc->sc_dkdev.dk_driver;
+	struct disk_geom *dg = &dksc->sc_dkdev.dk_geom;
 	char *va = vav;
 	struct disklabel *lp;
 	struct partition *p;
-	int part, towrt, nsects, sectoff, maxblkcnt, nblk;
+	int part, towrt, maxblkcnt, nblk;
 	int maxxfer, rv = 0;
 
 	/*
@@ -804,23 +805,44 @@
 	blkno = dbtob(blkno) / lp->d_secsize;   /* blkno in secsize units */
 
 	p = &lp->d_partitions[part];
-	if (p->p_fstype != FS_SWAP) {
-		DPRINTF(DKDB_DUMP, ("%s: bad fstype %d\n", __func__,
-		    p->p_fstype));
-		return ENXIO;
-	}
-	nsects = p->p_size;
-	sectoff = p->p_offset;
+	if (part == RAW_PART) {
+		if (p->p_fstype != FS_UNUSED) {
+			DPRINTF(DKDB_DUMP, ("%s: bad fstype %d\n", __func__,
+			    p->p_fstype));
+			return ENXIO;
+		}
+		/* Check wether dump goes to a wedge */
+		if (dksc->sc_dkdev.dk_nwedges == 0) {
+			DPRINTF(DKDB_DUMP, ("%s: dump to raw\n", __func__));
+			return ENXIO;
+		}
+		/* Check transfer bounds against media size */
+		if (blkno < 0 || (blkno + towrt) > dg->dg_secperunit) {
+			DPRINTF(DKDB_DUMP, ("%s: out of bounds blkno=%jd, towrt=%d, "
+			    "nsects=%jd\n", __func__, (intmax_t)blkno, towrt, dg->dg_secperunit));
+			return EINVAL;
+		}
+	} else {
+		int nsects, sectoff;
 
-	/* Check transfer bounds against partition size. */
-	if ((blkno < 0) || ((blkno + towrt) > nsects)) {
-		DPRINTF(DKDB_DUMP, ("%s: out of bounds blkno=%jd, towrt=%d, "
-		    "nsects=%d\n", __func__, (intmax_t)blkno, towrt, nsects));
-		return EINVAL;
-	}
+		if (p->p_fstype != FS_SWAP) {
+			DPRINTF(DKDB_DUMP, ("%s: bad fstype %d\n", __func__,
+			    p->p_fstype));
+			return ENXIO;
+		}
+		nsects = p->p_size;
+		sectoff = p->p_offset;
 
-	/* Offset block number to start of partition. */
-	blkno += sectoff;
+		/* Check transfer bounds against partition size. */
+		if ((blkno < 0) || ((blkno + towrt) > nsects)) {
+			DPRINTF(DKDB_DUMP, ("%s: out of bounds blkno=%jd, towrt=%d, "
+			    "nsects=%d\n", __func__, (intmax_t)blkno, towrt, nsects));
+			return EINVAL;
+		}
+
+		/* Offset block number to start of partition. */
+		blkno += sectoff;
+	}
 
 	/* Start dumping and return when done. */
 	maxblkcnt = howmany(maxxfer, lp->d_secsize);
Index: sys/dev/dkwedge/dk.c
===================================================================
RCS file: /cvsroot/src/sys/dev/dkwedge/dk.c,v
retrieving revision 1.96
diff -u -r1.96 dk.c
--- sys/dev/dkwedge/dk.c	5 Mar 2017 23:07:12 -0000	1.96
+++ sys/dev/dkwedge/dk.c	28 Apr 2018 14:55:39 -0000
@@ -1613,7 +1613,7 @@
 		rv = EINVAL;
 		goto out;
 	}
-	if (blkno + size / DEV_BSIZE > sc->sc_size) {
+	if (blkno < 0 || blkno + size / DEV_BSIZE > sc->sc_size) {
 		printf("%s: blkno (%" PRIu64 ") + size / DEV_BSIZE (%zu) > "
 		    "sc->sc_size (%" PRIu64 ")\n", __func__, blkno,
 		    size / DEV_BSIZE, sc->sc_size);