https://github.com/jansvoboda11 updated https://github.com/llvm/llvm-project/pull/174653
>From 8cdae2843e8e170980044df373fc91915516c73f Mon Sep 17 00:00:00 2001 From: Jan Svoboda <[email protected]> Date: Mon, 5 Jan 2026 13:44:24 -0800 Subject: [PATCH 1/2] [clang] Allow enabling sandbox for direct `-cc1` invocations --- clang/tools/driver/cc1gen_reproducer_main.cpp | 3 +++ clang/tools/driver/driver.cpp | 5 ++++- llvm/CMakeLists.txt | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/clang/tools/driver/cc1gen_reproducer_main.cpp b/clang/tools/driver/cc1gen_reproducer_main.cpp index 14548c39975da..851d252015c44 100644 --- a/clang/tools/driver/cc1gen_reproducer_main.cpp +++ b/clang/tools/driver/cc1gen_reproducer_main.cpp @@ -116,6 +116,9 @@ generateReproducerForInvocationArguments( ArrayRef<const char *> Argv, const ClangInvocationInfo &Info, const llvm::ToolContext &ToolContext, IntrusiveRefCntPtr<llvm::vfs::FileSystem> VFS) { + // The driver is not expected to be free of sandbox violations. + auto BypassSandbox = llvm::sys::sandbox::scopedDisable(); + using namespace driver; auto TargetAndMode = ToolChain::getTargetAndModeFromProgramName(Argv[0]); diff --git a/clang/tools/driver/driver.cpp b/clang/tools/driver/driver.cpp index 1e2c9884ba63d..485b9666222bb 100644 --- a/clang/tools/driver/driver.cpp +++ b/clang/tools/driver/driver.cpp @@ -38,6 +38,7 @@ #include "llvm/Support/CrashRecoveryContext.h" #include "llvm/Support/ErrorHandling.h" #include "llvm/Support/FileSystem.h" +#include "llvm/Support/IOSandbox.h" #include "llvm/Support/LLVMDriver.h" #include "llvm/Support/Path.h" #include "llvm/Support/PrettyStackTrace.h" 
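Review bot: The comment added at the top of generateReproducerForInvocationArguments() says the driver is not expected to be free of sandbox violations, but not why the sandbox is active at this point or how far the exemption reaches. The `BypassSandbox` guard lives until the function returns, so every filesystem access in the body runs unchecked, not only the driver setup; the body continues past this hunk. If this function is reached through the `starts_with("-cc1")` branch that the driver.cpp hunk of this patch changes (the dispatch itself is not visible here), I would say so in the comment: `// Reached via the -cc1 path in clang_main(), which enables the IO sandbox; the driver code below accesses the filesystem directly, so the sandbox is disabled for the rest of this function.` If only part of the body needs the exemption, a nested block around that part would keep the rest checked.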
@@ -264,8 +265,10 @@ int clang_main(int Argc, char **Argv, const llvm::ToolContext &ToolContext) { } // Handle -cc1 integrated tools. - if (Args.size() >= 2 && StringRef(Args[1]).starts_with("-cc1")) + if (Args.size() >= 2 && StringRef(Args[1]).starts_with("-cc1")) { + auto EnableSandbox = llvm::sys::sandbox::scopedEnable(); return ExecuteCC1Tool(Args, ToolContext, VFS); + } // Handle options that need handling before the real command line parsing in // Driver::BuildCompilation() diff --git a/llvm/CMakeLists.txt b/llvm/CMakeLists.txt index f0e4f5d7d6f60..d9e5b08aa7d1e 100644 --- a/llvm/CMakeLists.txt +++ b/llvm/CMakeLists.txt @@ -697,7 +697,7 @@ else() option(LLVM_ENABLE_ASSERTIONS "Enable assertions" ON) endif() -option(LLVM_ENABLE_IO_SANDBOX "Enable IO sandboxing in supported tools" OFF) +option(LLVM_ENABLE_IO_SANDBOX "Enable IO sandboxing in supported tools" ON) # FIXME: Change back to OFF before committing. option(LLVM_ENABLE_EXPENSIVE_CHECKS "Enable expensive checks" OFF) set(LLVM_ABI_BREAKING_CHECKS "WITH_ASSERTS" CACHE STRING >From d410d2d9e106639c32bf9dad26bb42173e016db2 Mon Sep 17 00:00:00 2001 From: Jan Svoboda <[email protected]> Date: Wed, 7 Jan 2026 13:12:22 -0800 Subject: [PATCH 2/2] Revert cmake setting default, add a comment --- clang/tools/driver/driver.cpp | 4 ++++ llvm/CMakeLists.txt | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/clang/tools/driver/driver.cpp b/clang/tools/driver/driver.cpp index 485b9666222bb..490136961ebc6 100644 --- a/clang/tools/driver/driver.cpp +++ b/clang/tools/driver/driver.cpp 
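Review bot: `StringRef(Args[1]).starts_with("-cc1")` is a prefix match, so the new `scopedEnable()` in clang_main() covers every tool that ExecuteCC1Tool() selects for a `-cc1…` argument, not only plain `-cc1`. The `scopedDisable()` added to cc1gen_reproducer_main.cpp in this same patch looks like a consequence of that, so any other tool behind the prefix that is not sandbox-clean would need the same opt-out. A short comment on the branch would make that contract visible, for example `// Applies to every -cc1* tool; a tool that is not sandbox-clean must opt out with scopedDisable().` The diffstat shows no test, and `LLVM_ENABLE_IO_SANDBOX` defaults to OFF, so the new branch is presumably inert in ordinary builds. Nothing in the patch shows that a direct -cc1 invocation actually runs with the sandbox on, and a regression test restricted to sandbox-enabled builds would pin that down.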
@@ -266,6 +266,10 @@ int clang_main(int Argc, char **Argv, const llvm::ToolContext &ToolContext) { // Handle -cc1 integrated tools. if (Args.size() >= 2 && StringRef(Args[1]).starts_with("-cc1")) { + // Note that this only enables the sandbox for direct -cc1 invocations and + // out-of-process -cc1 invocations launched by the driver. For in-process + // -cc1 invocations launched by the driver, the sandbox is enabled in + // CC1Command::Execute() for better crash recovery. auto EnableSandbox = llvm::sys::sandbox::scopedEnable(); return ExecuteCC1Tool(Args, ToolContext, VFS); } diff --git a/llvm/CMakeLists.txt b/llvm/CMakeLists.txt index d9e5b08aa7d1e..f0e4f5d7d6f60 100644 --- a/llvm/CMakeLists.txt +++ b/llvm/CMakeLists.txt @@ -697,7 +697,7 @@ else() option(LLVM_ENABLE_ASSERTIONS "Enable assertions" ON) endif() -option(LLVM_ENABLE_IO_SANDBOX "Enable IO sandboxing in supported tools" ON) # FIXME: Change back to OFF before committing. +option(LLVM_ENABLE_IO_SANDBOX "Enable IO sandboxing in supported tools" OFF) option(LLVM_ENABLE_EXPENSIVE_CHECKS "Enable expensive checks" OFF) set(LLVM_ABI_BREAKING_CHECKS "WITH_ASSERTS" CACHE STRING _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
