From 0f282a201e7cec1880ac8f3653c522dc6dbdbb3f Mon Sep 17 00:00:00 2001
From: Christian Blichmann
Date: Wed, 19 Jun 2024 06:23:12 -0700
Subject: [PATCH] PolicyBuilder: Allow `MADV_SEQUENTIAL` in `AllowLimitedMadvise()`

This is sometimes used to hint to the kernel that pages will be access sequentially and thus might be swapped out after read. This is a useful annotation for read-ahead caches and is used by, for example, TinyVMM/Vanadium

PiperOrigin-RevId: 644729625
Change-Id: I770c86f271f7c7dd6eae563db85f1a53059ddf86
---
 sandboxed_api/sandbox2/policybuilder.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sandboxed_api/sandbox2/policybuilder.cc b/sandboxed_api/sandbox2/policybuilder.cc
index 8e187819..38d1a099 100644
--- a/sandboxed_api/sandbox2/policybuilder.cc
+++ b/sandboxed_api/sandbox2/policybuilder.cc
@@ -449,6 +449,7 @@ PolicyBuilder& PolicyBuilder::AllowLimitedMadvise() {
   allowed_complex_.limited_madvise = true;
   return AddPolicyOnSyscall(__NR_madvise, {
                                               ARG_32(2),
+                                              JEQ32(MADV_SEQUENTIAL, ALLOW),
                                               JEQ32(MADV_DONTNEED, ALLOW),
                                               JEQ32(MADV_REMOVE, ALLOW),
                                               JEQ32(MADV_HUGEPAGE, ALLOW),
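Review bot: The new `JEQ32(MADV_SEQUENTIAL, ALLOW)` entry carries no rationale in the code itself, so the next person auditing this allow-list has to dig up the commit message to learn why this advice value is considered safe to expose; a one-line comment next to it would keep that reasoning where the rule lives, e.g. `// Read-ahead/reclaim hint only: does not discard data or change mapping protections.`. As far as I can tell from the documented semantics, MADV_SEQUENTIAL only tunes read-ahead and reclaim ordering for the range, which makes it less consequential than the already-allowed MADV_DONTNEED and MADV_REMOVE that actually drop page contents — but that is exactly the kind of judgement worth recording per entry in a seccomp policy. If the header comment for AllowLimitedMadvise() enumerates the accepted advice values (not visible here), it should be updated to list MADV_SEQUENTIAL as well. The initializer list and the body of AllowLimitedMadvise() continue past the end of the hunk.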