Skip to content

[Docs] add cache directory security guidance#38920

Merged
sfeng33 merged 2 commits into
mainfrom
security-guide-cache-notes
May 6, 2026
Merged

[Docs] add cache directory security guidance#38920
sfeng33 merged 2 commits into
mainfrom
security-guide-cache-notes

Conversation

@russellb

@russellb russellb commented Apr 3, 2026

Copy link
Copy Markdown
Member

Document that vLLM cache directories are assumed private and trusted,
and that providing untrusted access could result in crashes or arbitrary
code execution. List the relevant environment variables that control
cache locations.

Signed-off-by: Russell Bryant rbryant@redhat.com

@mergify

mergify Bot commented Apr 3, 2026

Copy link
Copy Markdown
Contributor

Documentation preview: https://vllm--38920.org.readthedocs.build/en/38920/

@mergify mergify Bot added the documentation Improvements or additions to documentation label Apr 3, 2026
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 3, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a 'Cache Directory Security' section to the documentation, detailing the security implications of vLLM's cache management and listing relevant environment variables. The review feedback highlights that the documentation inaccurately implies all caches are under a single root, specifically noting that the Triton cache is a separate, critical path for security. Suggestions were made to include TRITON_CACHE_DIR in the configuration table and to broaden permission recommendations to cover these external cache locations.

Comment thread docs/usage/security.md Outdated
Comment thread docs/usage/security.md
Comment thread docs/usage/security.md Outdated
russellb added 2 commits May 6, 2026 13:56
@russellb
[Docs] add cache directory security guidance
2e86aeb 
Document that vLLM cache directories are assumed private and trusted,
and that providing untrusted access could result in crashes or arbitrary
code execution. List the relevant environment variables that control
cache locations.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
@russellb
[Docs] clarify Triton cache location in security guidance
9068d2a 
Address review feedback by noting that vLLM redirects TRITON_CACHE_DIR
under VLLM_CACHE_ROOT when compile caching is enabled (the default),
and that ~/.triton/cache is only used as a fallback when compile caching
is disabled.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Signed-off-by: Russell Bryant <rbryant@redhat.com>
@russellb russellb force-pushed the security-guide-cache-notes branch from e530353 to 9068d2a Compare May 6, 2026 17:57
@sfeng33 sfeng33 enabled auto-merge (squash) May 6, 2026 18:03
@github-actions github-actions Bot added the ready ONLY add when PR is ready to merge/full CI is needed label May 6, 2026
@sfeng33 sfeng33 merged commit 5a0a8fc into main May 6, 2026
12 checks passed
@sfeng33 sfeng33 deleted the security-guide-cache-notes branch May 6, 2026 23:54
libinta pushed a commit to libinta/vllm that referenced this pull request May 8, 2026
@russellb @libinta
[Docs] add cache directory security guidance (vllm-project#38920)
c6684f4 
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Libin Tang <libin.tang@intel.com>
weifang231 pushed a commit to weifang231/eb-vllm that referenced this pull request May 13, 2026
@russellb
[Docs] add cache directory security guidance (vllm-project#38920)
605837f 
Signed-off-by: Russell Bryant <rbryant@redhat.com>
mfylcek pushed a commit to mfylcek/vllm that referenced this pull request May 19, 2026
@russellb @mfylcek
[Docs] add cache directory security guidance (vllm-project#38920)
d4d883b 
Signed-off-by: Russell Bryant <rbryant@redhat.com>
jhu960213 pushed a commit to jhu960213/vllm that referenced this pull request May 20, 2026
@russellb
[Docs] add cache directory security guidance (vllm-project#38920)
51203ed 
Signed-off-by: Russell Bryant <rbryant@redhat.com>
mvanhorn pushed a commit to mvanhorn/vllm that referenced this pull request Jun 4, 2026
@russellb @mvanhorn
[Docs] add cache directory security guidance (vllm-project#38920)
013ff3d 
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
knight0528 pushed a commit to knight0528/vllm that referenced this pull request Jun 8, 2026
@russellb @knight0528
[Docs] add cache directory security guidance (vllm-project#38920)
cb40b2a 
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sfeng33 sfeng33 sfeng33 approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

documentation Improvements or additions to documentation ready ONLY add when PR is ready to merge/full CI is needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@russellb @sfeng33