

Dune allows running privileged instructions in userland using VT-x on Linux - brokenparser
http://dune.scs.stanford.edu/

======
brokenparser
From the paper:

This paper introduces a new approach to application use of kernel hardware
features: using virtualization hardware to provide a _process_ , rather than a
_machine_ abstraction. We have implemented this approach for Linux on 64-bit
Intel CPUs in a system called Dune. Dune provides a loadable kernel module
that works with unmodified Linux kernels. The module allows processes to enter
"Dune mode", an irreversible transition in which, through virtualization
hardware, safe and fast access to privileged hardware features is enabled,
including privilege modes, virtual memory registers, page tables, and
interrupt, exception, and system call vectors.

...Our evaluation shows both performance and security benefits to Dune. For
instance, we built a sandbox that approaches zero overhead, modified a garbage
collector to improve performance by up to 40.7%, and created a privilege
separation system with 3x less context switch overhead than without Dune.

