[llvm] 01a09e0 - [llvm][cas] Bypass sandbox in on-disk CAS (#172763)
via llvm-commits
llvm-commits at lists.llvm.org
Thu Dec 18 09:25:29 PST 2025
Author: Jan Svoboda
Date: 2025-12-18T09:25:25-08:00
New Revision: 01a09e04d72a9909deda513506d1aeb430ab47ed
URL: https://github.com/llvm/llvm-project/commit/01a09e04d72a9909deda513506d1aeb430ab47ed
DIFF: https://github.com/llvm/llvm-project/commit/01a09e04d72a9909deda513506d1aeb430ab47ed.diff
LOG: [llvm][cas] Bypass sandbox in on-disk CAS (#172763)
This PR bypasses sandbox in the on-disk CAS implementation to match the
downstream patch: https://github.com/swiftlang/llvm-project/pull/12022
This isn't strictly necessary right now, since Clang doesn't integrate
with CAS upstream, but it'll make the future integration easier.
Added:
Modified:
llvm/lib/CAS/OnDiskGraphDB.cpp
llvm/lib/CAS/UnifiedOnDiskCache.cpp
Removed:
################################################################################
diff --git a/llvm/lib/CAS/OnDiskGraphDB.cpp b/llvm/lib/CAS/OnDiskGraphDB.cpp
index 01aabf279b970..8f01e152f90b0 100644
--- a/llvm/lib/CAS/OnDiskGraphDB.cpp
+++ b/llvm/lib/CAS/OnDiskGraphDB.cpp
@@ -57,6 +57,7 @@
#include "llvm/Support/Error.h"
#include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/FileSystem.h"
+#include "llvm/Support/IOSandbox.h"
#include "llvm/Support/MemoryBuffer.h"
#include "llvm/Support/Path.h"
#include "llvm/Support/Process.h"
@@ -1226,6 +1227,8 @@ OnDiskGraphDB::load(ObjectID ExternalRef) {
SmallString<256> Path;
getStandalonePath(TrieRecord::getStandaloneFilePrefix(Object.SK), *I, Path);
+ auto BypassSandbox = sys::sandbox::scopedDisable();
+
auto File = sys::fs::openNativeFileForRead(Path);
if (!File)
return createFileError(Path, File.takeError());
@@ -1329,6 +1332,8 @@ OnDiskContent StandaloneDataInMemory::getContent() const {
static Expected<MappedTempFile> createTempFile(StringRef FinalPath,
uint64_t Size) {
+ auto BypassSandbox = sys::sandbox::scopedDisable();
+
assert(Size && "Unexpected request for an empty temp file");
Expected<TempFile> File = TempFile::create(FinalPath + ".%%%%%%");
if (!File)
@@ -1366,6 +1371,8 @@ Error OnDiskGraphDB::createStandaloneLeaf(IndexProxy &I, ArrayRef<char> Data) {
int64_t FileSize = Data.size() + Leaf0;
getStandalonePath(TrieRecord::getStandaloneFilePrefix(SK), I, Path);
+ auto BypassSandbox = sys::sandbox::scopedDisable();
+
// Write the file. Don't reuse this mapped_file_region, which is read/write.
// Let load() pull up one that's read-only.
Expected<MappedTempFile> File = createTempFile(Path, FileSize);
diff --git a/llvm/lib/CAS/UnifiedOnDiskCache.cpp b/llvm/lib/CAS/UnifiedOnDiskCache.cpp
index a03d044029196..71ca999b53941 100644
--- a/llvm/lib/CAS/UnifiedOnDiskCache.cpp
+++ b/llvm/lib/CAS/UnifiedOnDiskCache.cpp
@@ -82,6 +82,7 @@
#include "llvm/Support/Error.h"
#include "llvm/Support/FileSystem.h"
#include "llvm/Support/FileUtilities.h"
+#include "llvm/Support/IOSandbox.h"
#include "llvm/Support/MemoryBuffer.h"
#include "llvm/Support/Path.h"
#include "llvm/Support/Program.h"
@@ -390,6 +391,8 @@ Expected<std::unique_ptr<UnifiedOnDiskCache>>
UnifiedOnDiskCache::open(StringRef RootPath, std::optional<uint64_t> SizeLimit,
StringRef HashName, unsigned HashByteSize,
OnDiskGraphDB::FaultInPolicy FaultInPolicy) {
+ auto BypassSandbox = sys::sandbox::scopedDisable();
+
if (std::error_code EC = sys::fs::create_directories(RootPath))
return createFileError(RootPath, EC);
@@ -512,6 +515,8 @@ bool UnifiedOnDiskCache::hasExceededSizeLimit() const {
}
Error UnifiedOnDiskCache::close(bool CheckSizeLimit) {
+ auto BypassSandbox = sys::sandbox::scopedDisable();
+
if (LockFD == -1)
return Error::success(); // already closed.
auto CloseLock = make_scope_exit([&]() {
More information about the llvm-commits
mailing list