Nobody wants to waste a core, and passing cache lines from core to core isn't cheap, but yes... using a separate core is in fact more secure.
From one user process to another user process is already solved. The CR3 register gets reloaded, even on older kernels. Well, it's true for anything released after about 1992. If you have Linux 0.01 or 0.02, you might need a patch for that too.
I have to wonder how this extra code compares to just letting the hardware switch CR3 via a doublefault exception task gate. With a doublefault task switch, the last bit of executable code could be unmapped.