Add user mode task spawning interface

Kernel requires distinct privilege modes for kernel services and
user applications. Return from trap instruction needs previous
interrupt enable bit set to preserve interrupt state across
privilege transitions.

Parameterize context initialization to configure privilege mode
during task creation. Set previous interrupt enable bit for
correct interrupt behavior after mode transitions. Provide
separate interface for spawning user mode tasks alongside
existing kernel task interface.

Author: HeatCrab

arch/riscv/hal.c

@@ -282,14 +282,14 @@ void hal_hardware_init(void)
      * Without this, U-mode tasks will trap immediately upon execution
      * (Instruction Access Fault) due to default PMP deny rules.
      */
-    uint32_t pmpaddr = -1UL;      /* Cover entire address space */
-    uint8_t pmpcfg = 0x0F;        /* TOR, R, W, X enabled */
-    
+    uint32_t pmpaddr = -1UL; /* Cover entire address space */
+    uint8_t pmpcfg = 0x0F;   /* TOR, R, W, X enabled */
+
     asm volatile(
         "csrw pmpaddr0, %0\n"
         "csrw pmpcfg0, %1\n"
-        : : "r"(pmpaddr), "r"(pmpcfg)
-    );
+        :
+        : "r"(pmpaddr), "r"(pmpcfg));
 }
 
 /* Halts the system in an unrecoverable state */
@@ -501,7 +501,9 @@ extern uint32_t _gp, _end;
  *   0: ra,   4: gp,   8: tp,  12: t0, ... 116: t6
  * 120: mcause, 124: mepc
  */
-void *hal_build_initial_frame(void *stack_top, void (*task_entry)(void), int user_mode)
+void *hal_build_initial_frame(void *stack_top,
+                              void (*task_entry)(void),
+                              int user_mode)
 {
 #define INITIAL_STACK_RESERVE \
     256 /* Reserve space below stack_top for task startup */
@@ -526,10 +528,11 @@ void *hal_build_initial_frame(void *stack_top, void (*task_entry)(void), int use
      * - frame[2] = tp: Thread pointer, required for thread-local storage
      * - frame[32] = mepc: Task entry point, where mret will jump to
      */
-    frame[1] = (uint32_t) &_gp;        /* gp - global pointer */
-    frame[2] = tp_val;                 /* tp - thread pointer */
+    frame[1] = (uint32_t) &_gp; /* gp - global pointer */
+    frame[2] = tp_val;          /* tp - thread pointer */
 
-    uint32_t mstatus_val = MSTATUS_MIE | MSTATUS_MPIE | (user_mode ? MSTATUS_MPP_USER : MSTATUS_MPP_MACH);
+    uint32_t mstatus_val = MSTATUS_MIE | MSTATUS_MPIE |
+                           (user_mode ? MSTATUS_MPP_USER : MSTATUS_MPP_MACH);
     frame[FRAME_MSTATUS] = mstatus_val; /* mstatus - enable interrupts */
 
     frame[FRAME_EPC] = (uint32_t) task_entry; /* mepc - entry point */
@@ -794,7 +797,7 @@ static void __attribute__((naked, used)) __dispatch_init(void)
         "lw  sp,  14*4(a0)\n"
         "lw  t0,  15*4(a0)\n"
         "csrw mepc, t0\n" /* Load task entry point into mepc */
-        "mret\n"); /* Jump to the task's entry point */
+        "mret\n");        /* Jump to the task's entry point */
 }
 
 /* Transfers control from the kernel's main thread to the first task */
@@ -820,11 +823,17 @@ __attribute__((noreturn)) void hal_dispatch_init(jmp_buf env)
 /* Builds an initial 'jmp_buf' context for a brand-new task.
  * @ctx       : Pointer to the 'jmp_buf' to initialize (must be valid).
  * @sp        : Base address of the task's stack (must be valid).
- * @ss        : Total size of the stack in bytes (must be > ISR_STACK_FRAME_SIZE).
- * @ra        : The task's entry point function, used as the initial return address.
+ * @ss        : Total size of the stack in bytes (must be >
+ * ISR_STACK_FRAME_SIZE).
+ * @ra        : The task's entry point function, used as the initial return
+ * address.
  * @user_mode : Non-zero to initialize for user mode, zero for machine mode.
  */
-void hal_context_init(jmp_buf *ctx, size_t sp, size_t ss, size_t ra, int user_mode)
+void hal_context_init(jmp_buf *ctx,
+                      size_t sp,
+                      size_t ss,
+                      size_t ra,
+                      int user_mode)
 {
     if (unlikely(!ctx || !sp || ss < (ISR_STACK_FRAME_SIZE + 64) || !ra))
         hal_panic(); /* Invalid parameters - cannot safely initialize context */
@@ -864,5 +873,6 @@ void hal_context_init(jmp_buf *ctx, size_t sp, size_t ss, size_t ra, int user_mo
      */
     (*ctx)[CONTEXT_SP] = (uint32_t) stack_top;
     (*ctx)[CONTEXT_RA] = (uint32_t) ra;
-    (*ctx)[CONTEXT_MSTATUS] = MSTATUS_MIE | MSTATUS_MPIE | (user_mode ? MSTATUS_MPP_USER : MSTATUS_MPP_MACH);
+    (*ctx)[CONTEXT_MSTATUS] = MSTATUS_MIE | MSTATUS_MPIE |
+                              (user_mode ? MSTATUS_MPP_USER : MSTATUS_MPP_MACH);
 }

arch/riscv/hal.h

@@ -105,15 +105,17 @@ void hal_timer_irq_disable(
 void hal_interrupt_tick(void); /* Enable interrupts on first task run */
 void *hal_build_initial_frame(
     void *stack_top,
-    void (*task_entry)(void)); /* Build ISR frame for preemptive mode */
+    void (*task_entry)(void),
+    int user_mode); /* Build ISR frame for preemptive mode */
 
 /* Initializes the context structure for a new task.
- * @ctx : Pointer to jmp_buf to initialize (must be non-NULL).
- * @sp  : Base address of the task's stack (must be valid).
- * @ss  : Total size of the stack in bytes (must be >= MIN_STACK_SIZE).
- * @ra  : The task's entry point function (must be non-NULL).
+ * @ctx       : Pointer to jmp_buf to initialize (must be non-NULL).
+ * @sp        : Base address of the task's stack (must be valid).
+ * @ss        : Total size of the stack in bytes (must be >= MIN_STACK_SIZE).
+ * @ra        : The task's entry point function (must be non-NULL).
+ * @user_mode : Non-zero to initialize for user mode, zero for machine mode.
  */
-void hal_context_init(jmp_buf *ctx, size_t sp, size_t ss, size_t ra);
+void hal_context_init(jmp_buf *ctx, size_t sp, size_t ss, size_t ra, int user_mode);
 
 /* Halts the CPU in an unrecoverable error state, shutting down if possible */
 void hal_panic(void);

include/sys/task.h

@@ -187,14 +187,25 @@ void _yield(void);
 
 /* Task Lifecycle Management */
 
-/* Creates and starts a new task.
+/* Creates and starts a new task in machine mode.
  * @task_entry : Pointer to the task's entry function (void func(void))
  * @stack_size : The desired stack size in bytes (minimum is enforced)
  *
  * Returns the new task's ID on success. Panics on memory allocation failure.
  */
 int32_t mo_task_spawn(void *task_entry, uint16_t stack_size);
 
+/* Creates and starts a new task in user mode.
+ * User mode tasks run with reduced privileges and must use syscalls to access
+ * kernel services. This provides memory protection and privilege separation.
+ *
+ * @task_entry : Pointer to the task's entry function (void func(void))
+ * @stack_size : The desired stack size in bytes (minimum is enforced)
+ *
+ * Returns the new task's ID on success. Panics on memory allocation failure.
+ */
+int32_t mo_task_spawn_user(void *task_entry, uint16_t stack_size);
+
 /* Cancels and removes a task from the system. A task cannot cancel itself.
  * @id : The ID of the task to cancel
  *

kernel/task.c

@@ -712,7 +712,8 @@ static bool init_task_stack(tcb_t *tcb, size_t stack_size)
 
 /* Task Management API */
 
-int32_t mo_task_spawn(void *task_entry, uint16_t stack_size_req)
+/* Internal task spawning implementation with privilege mode control */
+static int32_t task_spawn_impl(void *task_entry, uint16_t stack_size_req, int user_mode)
 {
     if (!task_entry)
         panic(ERR_TCB_ALLOC);
@@ -777,13 +778,13 @@ int32_t mo_task_spawn(void *task_entry, uint16_t stack_size_req)
 
     /* Initialize execution context outside critical section. */
     hal_context_init(&tcb->context, (size_t) tcb->stack, new_stack_size,
-                     (size_t) task_entry);
+                     (size_t) task_entry, user_mode);
 
     /* Initialize SP for preemptive mode.
      * Build initial ISR frame on stack with mepc pointing to task entry.
      */
     void *stack_top = (void *) ((uint8_t *) tcb->stack + new_stack_size);
-    tcb->sp = hal_build_initial_frame(stack_top, task_entry);
+    tcb->sp = hal_build_initial_frame(stack_top, task_entry, user_mode);
 
     printf("task %u: entry=%p stack=%p size=%u prio_level=%u time_slice=%u\n",
            tcb->id, task_entry, tcb->stack, (unsigned int) new_stack_size,
@@ -796,6 +797,16 @@ int32_t mo_task_spawn(void *task_entry, uint16_t stack_size_req)
     return tcb->id;
 }
 
+int32_t mo_task_spawn(void *task_entry, uint16_t stack_size_req)
+{
+    return task_spawn_impl(task_entry, stack_size_req, false);
+}
+
+int32_t mo_task_spawn_user(void *task_entry, uint16_t stack_size_req)
+{
+    return task_spawn_impl(task_entry, stack_size_req, true);
+}
+
 int32_t mo_task_cancel(uint16_t id)
 {
     if (id == 0 || id == mo_task_id())