On Sat, 12 Oct 2024 at 17:53, Linus Torvalds
[off-list ref] wrote:

So no, the address masking can not depend on things like
__VIRTUAL_MASK_SHIFT, it would need to at least take LAM into account
too. Not that I know if there are any CPU's out there that actually
have LAM enabled.

Lunar Lake and Arrow Lake, apparently.

One thing that may make this all moot is that the value loaded from a
possible non-canonical range won't actually be used until after we've
done a "CLAC".

And at least judging by the performance of STAC/CLAC on my machines,
those instructions will likely have stopped any speculation cold.

So maybe the "what is the actual cycle latency of detecting the
faulting instruction" really is the core question here.

               Linus