Try mfench + clflush

Signed-off-by: Ludvig Liljenberg <4257730+ludfjig@users.noreply.github.com>

Author: ludfjig

src/hyperlight_host/src/mem/mgr.rs

@@ -496,6 +496,29 @@ impl SandboxMemoryManager<HostSharedMemory> {
         }
     }
 
+    /// Flush all snapshot and scratch memory from CPU caches using clflush,
+    /// then issue an mfence to ensure completion.
+    #[cfg(target_arch = "x86_64")]
+    pub(crate) fn flush_caches(&self) {
+        use core::arch::x86_64::{_mm_clflush, _mm_mfence};
+        const CACHE_LINE: usize = 64;
+
+        let snap_ptr = self.shared_mem.base_addr() as *const u8;
+        let snap_len = self.shared_mem.mem_size();
+        let scratch_ptr = self.scratch_mem.base_addr() as *const u8;
+        let scratch_len = self.scratch_mem.mem_size();
+
+        unsafe {
+            for offset in (0..snap_len).step_by(CACHE_LINE) {
+                _mm_clflush(snap_ptr.add(offset));
+            }
+            for offset in (0..scratch_len).step_by(CACHE_LINE) {
+                _mm_clflush(scratch_ptr.add(offset));
+            }
+            _mm_mfence();
+        }
+    }
+
     /// This function restores a memory snapshot from a given snapshot.
     pub(crate) fn restore_snapshot(
         &mut self,

src/hyperlight_host/src/sandbox/initialized_multi_use.rs

@@ -294,6 +294,14 @@ impl MultiUseSandbox {
         })?;
 
         let (gsnapshot, gscratch) = self.mem_mgr.restore_snapshot(&snapshot)?;
+
+        // Flush all snapshot and scratch memory from CPU caches and drain
+        // the store buffer. On AMD SVM with NPT, the guest reads through
+        // nested page tables which may not see host-side cached writes.
+        // clflush evicts each cache line; mfence ensures completion.
+        #[cfg(target_arch = "x86_64")]
+        self.mem_mgr.flush_caches();
+
         if let Some(gsnapshot) = gsnapshot {
             self.vm
                 .update_snapshot_mapping(gsnapshot)