PolicyBuilder: Allow MADV_SEQUENTIAL in AllowLimitedMadvise()

This is sometimes used to hint to the kernel that pages will be access sequentially and thus might be swapped out after read. This is a useful annotation for read-ahead caches and is used by, for example, TinyVMM/Vanadium PiperOrigin-RevId: 644729625 Change-Id: I770c86f271f7c7dd6eae563db85f1a53059ddf86
google · Jun 19, 2024 · 0f282a2 · 0f282a2
1 parent 131826f
commit 0f282a2
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/sandboxed_api/sandbox2/policybuilder.cc b/sandboxed_api/sandbox2/policybuilder.cc
@@ -449,6 +449,7 @@ PolicyBuilder& PolicyBuilder::AllowLimitedMadvise() {
   allowed_complex_.limited_madvise = true;
   return AddPolicyOnSyscall(__NR_madvise, {
                                               ARG_32(2),
+                                              JEQ32(MADV_SEQUENTIAL, ALLOW),
                                               JEQ32(MADV_DONTNEED, ALLOW),
                                               JEQ32(MADV_REMOVE, ALLOW),
                                               JEQ32(MADV_HUGEPAGE, ALLOW),