riscv / riscv-smmtt

This specification will define the RISC-V privilege ISA extensions required to support Supervisor Domain isolation for multi-tenant security use cases e.g. confidential-computing, trusted platform services, fault isolation and so on.
https://jira.riscv.org/browse/RVG-65
Creative Commons Attribution 4.0 International

How is Physical Address Width determined? #73

Open SiFiveHolland opened 2 days ago

SiFiveHolland commented 2 days ago

The description of mttp contains this paragraph:

The MTTPPN refers to an MTTL3 table or an MTTL2 table based on physical address width (PAW). For 56 >= PAW > 46, MTTL3 table must be of size 2^(PAW-43) bytes and naturally aligned to that sized byte boundary. For 46 >= PAW > 32 the MTTL2 table must be of size 2^(PAW-22) bytes for Smmtt46 and Smmtt34, and must be naturally aligned to that sized byte boundary. In these modes, the lowest two bits of the physical page number (MTTPPN) in mttp always read as zeros.

This paragraph seems to imply that the top-level table (MTTL2 or MTTL3) is variably-sized, such that it only covers the part of the physical address space actually in use on a platform. For example, on a system with 2 GiB of DRAM, the largest valid physical address may be below 2^32. In that case, the MTTL2 may contain only 128 entries. I think this is an important feature to avoid wasting 16 MiB of DRAM on an MTTL2 when such a large table is not needed.

However, the description of the MTT walk algorithm does not describe any bounds check when accessing mpte. This can lead to out-of-bounds reads of the MTT. There needs to be a way for M-mode software to specify or at least detect the physical address width, so it knows how large of an MTT to allocate.

SiFiveHolland commented 2 days ago

Similarly, what happens if I try to use a physical address >= 2^46 in Smmtt46 mode, or a physical address >= 2^56 in Smmtt56 mode (possible with Svbare)? The current algorithm given in section 4.2 would ignore the upper bits, so the MTT lookups would alias with lower addresses. I would expect this to raise an access fault.