v0.1 editorial change suggestions

chapter3.adoc

@@ -8,6 +8,8 @@ and `mttp`. The SDID programmed via this interface is a local identifier for the
 hart and may be used to tag hart-local resources to access-control data
 associated with the supervisor domain.
 
+=== Machine tracking table pointer (`mttp`)
+
 The `mttp` register is an `XLEN`-bit read/write register, formatted as shown in
 <<sdid-32>> for `XLEN=32` and <<sdid-64>> for `XLEN=64`, which controls
 physical address protection for supervisor domains. This register holds the
@@ -18,7 +20,7 @@ selects the address protection scheme (MTT Mode to be enforced) for physical
 addresses. The MTT is a structure that holds the access permissions for a
 physical address and is looked up per the programmed `MODE`.
 
-Attempts to read or write `mttp` while executing in U, S or HS-mode will raise
+Attempts to read or write `mttp` while executing in U or S-mode will raise
 an illegal instruction exception.
 
 [caption="Register {counter:rimage}: ", reftext="Register {rimage}"]
@@ -75,7 +77,7 @@ specification cite:[ISA]
 |1 |`Smmtt34` |Page-based supervisor domain protection for 34 bit physical
 addresses with RWX permissions per page
 
-|2 |- |`_Reserved_`
+|2-3 |- |`_Reserved_`
 |===
 
 .Encoding of `mttp` `MODE` field for `XLEN=64`.

chapter4.adoc

@@ -146,16 +146,6 @@ bits (3:2) for future use. The 2-bit `PERM` field holds access-permission
 for 4 KiB pages for the supervisor domain, as described in <<mtt-l1-rv64>> for
 RV64 and <<mtt-l1-rv32>> for RV32.
 
-|`2M_PAGES` a|
-This encoding applies only to RV64.
-_The 32 MiB range of address space is partitioned into 16 2 MiB pages where each
-page has read/write/execute access allowed/not specified via the `INFO` field._
-The `INFO` field holds 16 2-bit `PERM` access-encoding for each 2 MiB address
-range to indicate: `no_access_allowed` (00b), `read-execute-allowed` (01b),
-`read-write-allowed` (10b), `read-write-execute-allowed` (11b). Bits
-_mpte.info[31:0]_ holds the 2 MiB page permissions, and _mpte.info[43:32]_ are
-reserved and must be zero.
-
 |`4M_PAGES` a|
 This encoding applies only to RV32.
 _The 32 MiB range of address space is partitioned into 8 4 MiB pages where each
@@ -165,6 +155,16 @@ range to indicate: `no_access_allowed` (00b), `read-execute-allowed` (01b),
 `read-write-allowed` (10b), `read-write-execute-allowed` (11b). Bits
 _mpte.info[15:0]_ holds the 2 MiB page permissions, and _mpte.info[21:16]_ are
 reserved and must be zero.
+
+|`2M_PAGES` a|
+This encoding applies only to RV64.
+_The 32 MiB range of address space is partitioned into 16 2 MiB pages where each
+page has read/write/execute access allowed/not specified via the `INFO` field._
+The `INFO` field holds 16 2-bit `PERM` access-encoding for each 2 MiB address
+range to indicate: `no_access_allowed` (00b), `read-execute-allowed` (01b),
+`read-write-allowed` (10b), `read-write-execute-allowed` (11b). Bits
+_mpte.info[31:0]_ holds the 2 MiB page permissions, and _mpte.info[43:32]_ are
+reserved and must be zero.
 |===
 
 The `MTTL1` table is populated if protection granularity of the 4 KiB page is
@@ -230,24 +230,22 @@ supervisor domain is ascertained as follows:
 
 1. Let _a_ be `mttp.ppn` x PAGESIZE, and let _i_ = LEVELS, where for mode
 `Smmtt34`, LEVELS = 2 and for `Smmtt[46 | 56]`, LEVELS = 3; PAGESIZE
-is 2^12^; MTT NON_LEAF_PTE_SIZE = 8 bytes (for RV32, MTT NON_LEAF_PTE_SIZE =
-4 bytes). The `mttp` register must be active, i.e., the effective privilege mode
-must be not-M-mode.
+is 2^12^; MTT_PTE_SIZE = 8 bytes (for RV32, MTT_PTE_SIZE = 4 bytes). The `mttp`
+register must be active, i.e., the effective privilege mode must not be M-mode.
 
 2. Let _mpte_ be the value of the `MTT` table entry at address _a_ + _pa.pn[i]_
- x NON_LEAF_PTE_SIZE. If accessing _mpte_ violates a PMA or PMP check, raise
+ x MTE_PTE_SIZE. If accessing _mpte_ violates a PMA or PMP check, raise
 an access-fault exception corresponding to the original access type.
 
 3. If any bits or encodings that are reserved for future standard use are
 set within _mpte_, stop and raise an access-fault exception corresponding to
 the original access type.
 
-4. Otherwise, the _mpte_ is valid. If (_i_=0) or (_i_=1 and _mpte.type_ is not
+4. Otherwise, the _mpte_ is valid. If (_i_=1) or (_i_=2 and _mpte.type_ is not
 `MTT_L1_DIR`), go to step 5. Otherwise, the _mpte_ is a pointer to the next
-level of the `MTT`. Let _i_ = _i_-1. If _i_ < 0, stop and raise an access-fault
-exception corresponding to the original access type. Otherwise, let
-_a_ = _mpte.ppn_ x PAGESIZE and go to step 2. Note that when _mpte.type_ =
-`MTT_L1_DIR`, the _mpte.ppn_ is the value of the _mpte.info_ field.
+level of the `MTT`. Let _i_ = _i_-1. Let _a_ = _mpte.ppn_ x PAGESIZE and go to
+step 2. Note that when _mpte.type_ = `MTT_L1_DIR`, the _mpte.ppn_ is the value
+of the _mpte.info_ field.
 
 5. A leaf _mpte_ has been found. If any bits or encodings within _mpte.type_
 and _mpte.info_ that are reserved for future standard use, per
@@ -257,30 +255,30 @@ exception corresponding to the access type.
 6. The _mpte_ is a valid leaf _mpte_. Fetch the access-permissions for the
 physical address per the steps described below:
 
-* if _i_=1, and the _mpte.type_ field directly specifies the access-permissions
+* if _i_=2, and the _mpte.type_ field directly specifies the access-permissions
 for 1 GiB page regions (via 32 MTTL2 entries with identical _mpte.type_ values -
 see <<Smmtt-rw-l2-encoding>>); go to step 7, else
 
-* if _i_=1, and for XLEN = 64 and the _mpte.type_ field value `2M_PAGES`, the
+* if _i_=2, and for XLEN = 64 and the _mpte.type_ field value `2M_PAGES`, the
 _mpte.info_[31:0] field contains 16 entries of 2-bit access-permission encodings
 for 16 2 MiB address regions; For XLEN=32 and _mpte.type_ field value of
 `4M_PAGES`, the _mpte.info_[16:0] field contains 8 entries of 2-bit
 access-permission encodings for 8 4 MiB regions - see <<Smmtt-rw-l2-encoding>>;
 go to step 7, else
 
-* if _i_=0, the _mpte_ contains XLEN/4 entries that holds access-permission
-encodings for 4 KiB pages. The 4-bit field has the lsb 2-bits specify the
-access-permission encoding for the _pa_ (and 2 bits reserved) in the _mpte_ is
-indexed via _pa.pn[i]_. The encodings are specified in <<Smmtt-rw-l1-encoding>>.
+* if _i_=1, the _mpte_ contains XLEN/4 4-bit entries that hold access-permission
+encodings for 4 KiB pages. The entry is selected by _pa.pn[0]_. The least
+significant 2 bits of each entry specify the access-permission encoding for the
+_pa_. The encodings are specified in <<Smmtt-rw-l1-encoding>>.
 
 7. Determine if the requested physical memory access is allowed per the
 access-permissions. If access is not permitted, stop and raise an access-fault
 exception corresponding to the original access type.
 
 8. The access is allowed per the `MTT` lookup.
 
-All implicit accesses to the non-leaf memory tracking table data structures in
-this algorithm are performed using width NON_LEAF_PTE_SIZE.
+All implicit accesses to the memory tracking table data structures in
+this algorithm are performed using width MTE_PTE_SIZE.
 
 [NOTE]
 ====
@@ -329,7 +327,7 @@ When `Smmtt` is implemented, an `MTT` structure is used to specify
 access-permissions for physical memory for a supervisor domain, the `MTT`
 settings for the resulting physical address (after any address translation) may
 be checked (and possibly cached) at any point between the address translation
-and the explicit memory access. If caching is occuring, when the `MTT` settings
+and the explicit memory access. Therefore, when the `MTT` settings
 are modified, `M-mode` software must synchronize the cached `MTT` state with the
 virtual memory system and any `PMP`, `MTT` or address-translation caches, as
 described via <<mfence-spa>> or in a batched manner via <<minval-spa>>.

chapter6.adoc

@@ -124,7 +124,7 @@ all harts are big-endian-only).
 
 [NOTE]
 ====
-Big-endian-configured harts that make use of an RERI may implement the `REV8`
+Big-endian-configured harts that make use of I/O MTT may implement the `REV8`
 byte-reversal instruction defined by the Zbb extension. If `REV8` is not
 implemented, then endianness conversion may be implemented using a sequence
 of instructions.
@@ -221,7 +221,7 @@ rules and is supported only if explicitly specified by an operation.
                              operation may be requested to invalidate all
                              entries of an MTT cache or to invalidate entries
                              corresponding to an address range specified in the
-                             `operand-1`.
+                             `operand-1` register.
 |`IOFENCE`     | 4         | This command can be used to request that IOMTTCHK
                              ensure that all previous read and write requests
                              from devices that have already been processed by
@@ -395,10 +395,10 @@ representing any 1-bit value.
 [cols="^1,3,3", options="header"]
 |===
 | `SRC_IDM` | `SRC_ID`                     | *Comment*
-| 0         |`yyyyyyyy  yyyyyyyy  yyyyyyyy`| One specific seg:bus:dev:func
-| 1         |`yyyyyyyy  yyyyyyyy  yyyyy011`| seg:bus:dev - any func
+| 1         |`yyyyyyyy  yyyyyyyy  yyyyyyyy`| One specific seg:bus:dev:func
+| 2         |`yyyyyyyy  yyyyyyyy  yyyyy011`| seg:bus:dev - any func
 | 2         |`yyyyyyyy  yyyyyyyy  01111111`| seg:bus - any dev:func
-| 3         |`yyyyyyyy  01111111  11111111`| seg - any bus:dev:func
+| 2         |`yyyyyyyy  01111111  11111111`| seg - any bus:dev:func
 |===
 
 ====
@@ -426,7 +426,7 @@ PCIe IDE provides security for transactions from one Port to another. These
 transactions might be initiated by contexts within the device, such as an SR-IOV
 virtual function, which are associated with a Trusted Execution Environment
 (TEE). Within the IDE TLP header, there's a "T" bit that helps differentiate
-transactions related to a TEE. The `TEE_LIM` filter can be employed to associate
+transactions related to a TEE. The `TEE_FLT` filter can be employed to associate
 these TEE-related transactions with a different supervisor domain than the
 transactions not related to TEE. This distinction is made even if both types of
 transactions are received on the same PCIe IDE stream.

chapter7.adoc

@@ -103,8 +103,8 @@ The RDSM needs a method to be alerted if an external interrupt, whether at the
 S- or VS-level, is pending for any supervisor domains not currently active on a
 hart. The RDSM could leverage this notification to inform its scheduling
 decisions. To facilitate this functionality, the `Smsdia` extension introduces
-the `msdeip` and `msdeie` CSRs, along with an M-level supervisor domain external
-interrupt (`MSDEI`).
+the `msdeip` and `msdeie` CSRs, along with an local supervisor domain external
+interrupt (`LSDEI`).
 
 === Machine supervisor domain configuration (`msdcfg`)
 
@@ -116,7 +116,7 @@ supervisor domain interrupt controller for S- and VS-level external interrupts
 when `SDICN` is the number of an implemented interrupt controller, not zero.
 
 The `SDICN` field is a WARL field that must be able to hold a value between 0
-and maximum implemented supervisor domain interrupt controller number,
+and the maximum implemented supervisor domain interrupt controller number,
 inclusive. If there are no supervisor domain interrupt controllers connected to
 the hart, then `SDICN` may be read-only zero.
 
@@ -207,19 +207,19 @@ aliases bits 63:32 of `msdeie`. When MXLEN=64, `msdeieh` does not exist.
 ....
 
 The `msdeie` CSR selects the subset of supervisor domain external interrupts
-that cause a M-level supervisor domain external interrupt. The enable bits in
+that cause a local supervisor domain external interrupt. The enable bits in
 `msdeie` do not affect the S- and VS-level external interrupt pending signals
 from the interrupt controller selected by `msdcfg.SDICN`.
 
 === Machine and Supervisor Interrupt registers (`mip/mie` and `sip/sie`)
 
 The `Smsdia` extension introduces the local supervisor domain external
-interrupt-pending (`LSDEI`). This interrupt is treated as a standard local
+interrupt (`LSDEI`). This interrupt is treated as a standard local
 interrupt that is assigned to bit 16 in the `mip`, `mie`, `sip`, and `sie`
 registers. The bit 16 in `mip` and `sip` is called `LSDEIP` and the same bit in
 `mie` and `sie` is called `LSDEIE`. The `mideleg` register controls the
-delegation of `LSDEI` interrupt to S-mode. This interrupt cannot be delegated to
-VS-mode and the the bit 16 of `hideleg` is read-only zero.
+delegation of `LSDEI` to S-mode. This interrupt cannot be delegated to
+VS-mode and bit 16 of `hideleg` is read-only zero.
 
 The `mip.LSDEIP` bit is read-only, and is 1 if and only if the bitwise logical
 AND of CSRs `msdeip` and `msdeie` is nonzero in any bit. The `sip.LSDEIP` bit is

chapter9.adoc

@@ -56,7 +56,7 @@ to M.
 
 The `mrmcfg` register is an MXLEN-bit read/write register used to configure a
 Resource Control ID (`RCID`), Monitoring Counter ID (`MCID`), and a Machine QRID
-(`MQRID`). The `MQRID, `RCID`, and `MCID` are WARL fields. The register is
+(`MQRID`). The `MQRID`, `RCID`, and `MCID` are WARL fields. The register is
 formatted as shown in <<MRMCFG64>> when MXLEN=64 and <<MRMCFG32>> when MXLEN=32.
 The CSR number is TBA.
 
@@ -176,14 +176,14 @@ for the `RCID` and `MCID` fields of the register is computed as follows:
 [listing]
 ----
 SRL_MASK = (1 << SRL) - 1
-if SSM == 1
+if SSM == 0
     RCID-value = srmcfg.RCID & SRL_MASK
 else
     RCID-value = srmcfg.RCID
 endif
 
 SML_MASK = (1 << SML) - 1
-if SSM == 1
+if SSM == 0
     MCID-value = srmcfg.MCID & SML_MASK
 else
     MCID-value = srmcfg.MCID
@@ -200,7 +200,7 @@ follows:
 [listing]
 ----
 SRL_MASK = (1 << SRL) - 1
-if SSM == 1
+if SSM == 0
     srmcfg.RCID = (srmcfg.RCID & ~SRL_MASK) | (RCID-value & SRL_MASK)
 else
     if ((RCID-value & ~SRL_MASK) | SRL_MASK) != ((1 << RCIDLEN) - 1)
@@ -209,7 +209,7 @@ else
 endif
 
 SML_MASK = (1 << SML) - 1
-if SSM == 1
+if SSM == 0
     srmcfg.MCID = (srmcfg.MCID & ~SML_MASK) | (MCID-value & SML_MASK)
 else
     if ((MCID-value & ~SML_MASK) | SML_MASK) != ((1 << MCIDLEN) - 1)