Prevent detaching the boot volume

bioctl(8)'s -d has no sanity checks and happily "deletes" any volume,
whether currently in use or not.

For now, refuse to detach the boot volume as a (too) simple safety guard,
until proper logic around mounted file systems on top is implemented.

Found the hard way through "bioctl -d sd1" with sd1 hosting /, after which
it took both fsck(8) and installboot(8) from a miniroot USB to recover.

regress/sys/dev/softraid also triggers it if root is on softraid.

OK claudio op jsing

diff --git a/sys/dev/softraid.c b/sys/dev/softraid.c
index b243dd3..ac027fb 100644 (file)
--- a/sys/dev/softraid.c
+++ b/sys/dev/softraid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: softraid.c,v 1.427 2022/09/11 19:34:40 miod Exp $ */
+/* $OpenBSD: softraid.c,v 1.428 2022/12/18 13:10:08 kn Exp $ */
 /*
  * Copyright (c) 2007, 2008, 2009 Marco Peereboom <marco@peereboom.us>
  * Copyright (c) 2008 Chris Kuethe <ckuethe@openbsd.org>
@@ -3622,6 +3622,16 @@ sr_ioctl_deleteraid(struct sr_softc *sc, struct sr_discipline *sd,
                }
        }
 
+       /*
+        * XXX Better check for mounted file systems and refuse to detach any
+        * volume that is actively in use.
+        */
+       if (bcmp(&sr_bootuuid, &sd->sd_meta->ssdi.ssd_uuid,
+           sizeof(sr_bootuuid)) == 0) {
+               sr_error(sc, "refusing to delete boot volume");
+               goto bad;
+       }
+
        sd->sd_deleted = 1;
        sd->sd_meta->ssdi.ssd_vol_flags = BIOC_SCNOAUTOASSEMBLE;
        sr_discipline_shutdown(sd, 1, 0);