[$] /dev/userfaultfd

Post Syndicated from original https://lwn.net/Articles/897260/

The userfaultfd() system call allows one thread to handle page faults for another in user space. It has a number of interesting use cases, including the live migration of virtual machines. There are also some less appealing use cases, though, most of which are appreciated by attackers trying to take control of a machine. Attempts have been made over the years to make userfaultfd() less useful as an exploit tool, but this patch set from Axel Rasmussen takes a different approach by circumventing the system call entirely.