Updates to address review comments and fix fig3,4

Signed-off-by: Ravi Sahita <ravi@rivosinc.com>

chapter4.adoc

@@ -229,13 +229,13 @@ follows:
 MTT access-permissions for a physical address PA in the context of a
 supervisor domain is ascertained as follows:
 
-1. Let _a_ be `mttp.ppn` x _PAGESIZE_, and let _i_ = LEVELS, where for mode
-`Smmtt34[rw]`, _LEVELS_ = 2 and for `Smmtt[46 | 56][rw]` LEVELS = 3; _PAGESIZE_
-is 2^12; MTT _NON_LEAF_PTE_SIZE_ = 8 bytes. The `mttp` register must be active,
+1. Let _a_ be `mttp.ppn` x PAGESIZE, and let _i_ = LEVELS, where for mode
+`Smmtt34[rw]`, LEVELS = 2 and for `Smmtt[46 | 56][rw]`, LEVELS = 3; PAGESIZE
+is 2^12^; MTT NON_LEAF_PTE_SIZE = 8 bytes. The `mttp` register must be active,
 i.e., the effective privilege mode must be not-M-mode.
 
 2. Let _mpte_ be the value of the `MTT` table entry at address _a_ + _pa.pn[i]_
- x _NON_LEAF_PTE_SIZE_. If accessing _mpte_ violates a PMA or PMP check, raise
+ x NON_LEAF_PTE_SIZE. If accessing _mpte_ violates a PMA or PMP check, raise
 an access-fault exception corresponding to the original access type.
 
 3. If any bits or encodings that are reserved for future standard use are
@@ -246,7 +246,7 @@ the original access type.
 `MTT_L1_DIR`), go to step 5. Otherwise, the _mpte_ is a pointer to the next
 level of the `MTT`. Let _i_ = _i_-1. If _i_ < 0, stop and raise an access-fault
 exception corresponding to the original access type. Otherwise, let
-_a_ = _mpte.ppn_ x _PAGESIZE_ and go to step 2. Note that when _mpte.type_ =
+_a_ = _mpte.ppn_ x PAGESIZE and go to step 2. Note that when _mpte.type_ =
 `MTT_L1_DIR`, the _mpte.ppn_ field is the value of the _mpte.info_ field.
 
 5. A leaf _mpte_ has been found. If any bits or encodings within _mpte.type_
@@ -257,19 +257,19 @@ stop and raise an access-fault exception corresponding to the access type.
 6. The _mpte_ is a valid leaf _mpte_. Fetch the access-permissions for the
 physical address per the steps described below:
 
-* if _i_=1, and the _mpte.type_ field specifies it holds the access-permission
+* if _i_=1, and the _mpte.type_ field specifies the access-permission
 encoding for 1GB pages per <<Smmtt-rw-l2-encoding>> and <<Smmtt-ad-l2-encoding>>
 ; go to step 7, else
 
-* if _i_=1, and the _mpte.type_ field specifies it holds the access-permission
+* if _i_=1, and the _mpte.type_ field specifies the access-permission
 encoding for 2MB pages; the _mpte.info_ field contains the access-permission
 encoding per <<Smmtt-rw-l2-encoding>> and <<Smmtt-ad-l2-encoding>>; go to
 step 7, else
 
 * If _i_=0, the _mpte_ contains a 2-bit entry for mode `Smmtt[34 | 46 | 56]`
 that holds the access-permission encodings (or 4-bit entry for mode
 `Smmtt[34 | 46 | 56]rw`) for 4KB pages. The 2/4-bit access-permission encoding
-for the PA is held in the ppn referenced by _mpte.info_ and indexed via
+for the _pa_ is held in the ppn referenced by _mpte.info_ and indexed via
 _pa.pn[i]_. The encodings are specified in <<Smmtt-rw>> and <<Smmtt-ad>> for the
 `Smmtt[34 | 46 | 56]` and `Smmtt[34 | 46 | 56]rw` modes respectively.
 
@@ -283,16 +283,12 @@ execute, and read-write permission implies read and write (but no execute).
 8. The access is allowed per the `MTT` lookup.
 
 All implicit accesses to the non-leaf memory tracking table data structures in
-this algorithm are performed using width _NON_LEAF_PTE_SIZE_.
+this algorithm are performed using width NON_LEAF_PTE_SIZE.
 
 [NOTE]
 ====
-Implementations may cache any translation (due to 1st stage and/or G-stage
-translation) and access-permissions for the final (leaf) physical address
-being accessed - in this case, the `MTT`-derived access-permissions are
-AND'ed to accumulate the effective read, write, and execute permissions. Thus,
 MTT access-permissions can only further restrict access, and never grant
-permission denied by 1st-stage or G-stage translations.
+read, write or execute permission denied by 1st-stage or G-stage translations.
 ====
 
 === Access Enforcement and Fault Reporting