User Mode Stack Memory After Machine Mode Call

Hi all,

I am new to the RISC-V architecture and I am trying to understand the behaviour when switching between User Mode and Machine Mode.

I am running the FreeRTOS PMP examples on HiFive RevB.
The example creates a thread in user mode and makes a call to Machine Mode, but as I see, after the call, the machine mode continues from the thread stack (as I see from the SP register).

In the Arm architecture, the thread and interrupt stacks are separated, so after the system call (machine mode), the Service Call uses its own stack.

Do Machine Mode calls use the caller (user mode) stack?
My concern is that we can create a thread with a finite stack size but we may not know the stack depth of the Machine Call, so if the Machine call uses the user mode stack, it may overflow the stack.

I could not find enough information, so could you please clarify how it works or which documents I should read?

Thanks
Murat

The switch between User mode and Machine mode does not touch memory at all.

What you do after that is completely up to you. RISC-V does not mandate anything, it’s up to whatever convention you or the OS you’re using wants to use.

There is a CSR “mscratch” which is available for Machine mode to store any data it wishes.

One typical thing to do is keep the Machine mode stack pointer there, and on entry to a trap handler use a CSR swap instruction to swap SP with mscratch.

It’s definitely best to do something like that if you’re running user code or less trustworthy code in user mode. But many embedded systems that trust the quality of the code being interrupted do just continue on the same stack.


Hi Bruce,

Switching stacks (manually) between machine and user mode would help for now.

My concern was about the security between user and machine modes: because they work on the same memory (stack) by default, the values remaining from machine-mode execution in the user-mode stack can be used for an information leak. Developers must be careful about it.

Ok, we will take care of it.

Thank you.

Kind Regards.
Murat | ZAYA

“Stack” is not even a concept in the base RISC-V instruction set and hardware. There is no stack pointer, no stack instructions, no push, no pop.

Anything that labels, for example, x2, as “Stack Pointer” is just a convention (though a very common one) in some software or operating environment. Any other register (except x0 of course) works exactly as well as a stack pointer.

But as far as the hardware is concerned, there is no user mode stack pointer or machine mode stack pointer. The hardware doesn’t have that concept, and so privilege level changes can’t and don’t do anything with it.

If machine mode software wants to use a stack then it makes sense for it to install its own stack pointer into a register (e.g. x2) at entry, whether from a fixed location in RAM or from the mscratch CSR or whatever. It’s actually irrelevant whether the user mode software is using that register as a stack pointer.

If you care about security between the user mode and machine mode software then, yes, the machine mode should have its own stack area. If the same people write both the user mode and machine mode software and take appropriate care then both can use the same stack. It’s up to you to decide.

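A host-side C model of the two conventions discussed in this thread, continuing on the interrupted stack versus swapping SP with mscratch on trap entry (added example, not code from FreeRTOS or from any poster). The memory layout, the `SECRET` marker and all function names are constructed for illustration; it models only the register/CSR exchange, not a real hart.

```c
#include <stdint.h>
#include <stdio.h>

#define USER_TOP 64u    /* mem[0..63]: stack U-mode may read (constructed layout) */
#define M_TOP    128u   /* mem[64..127]: stack reserved for M-mode */
#define SECRET   0xC0DEC0DEu /* constructed marker for handler-private data */
#define SP       2      /* x2 is the stack pointer by ABI convention only */

typedef struct {
    uint32_t x[32];      /* integer registers */
    uint32_t mscratch;   /* M-mode scratch CSR */
    uint32_t mem[M_TOP]; /* word-addressed RAM */
} hart_t;

/* Models "csrrw sp, mscratch, sp": exchange the register and the CSR. */
static void csrrw_sp_mscratch(hart_t *h) {
    uint32_t old = h->mscratch;
    h->mscratch = h->x[SP];
    h->x[SP] = old;
}

/* Trap handler that spills four sensitive words to its stack frame and
   releases the frame without clearing it, as compiled code normally does. */
static void trap(hart_t *h, int swap_stacks) {
    if (swap_stacks) csrrw_sp_mscratch(h);   /* enter on the M-mode stack */
    for (int i = 0; i < 4; i++) h->mem[--h->x[SP]] = SECRET;
    h->x[SP] += 4;
    if (swap_stacks) csrrw_sp_mscratch(h);   /* restore the interrupted sp */
}

/* Returns how many handler words remain in U-mode-readable memory,
   or -1 if sp or mscratch were not restored to their pre-trap values. */
int user_visible_residue(int swap_stacks) {
    hart_t h = {0};
    h.x[SP] = USER_TOP - 16;  /* thread has used 16 words of its stack */
    h.mscratch = M_TOP;       /* convention: M-mode sp parked in mscratch */
    trap(&h, swap_stacks);
    if (h.x[SP] != USER_TOP - 16 || h.mscratch != M_TOP) return -1;
    int n = 0;
    for (uint32_t i = 0; i < USER_TOP; i++) n += (h.mem[i] == SECRET);
    return n;
}

int main(void) {
    printf("shared stack: %d residual words\n", user_visible_residue(0));
    printf("mscratch swap: %d residual words\n", user_visible_residue(1));
    return 0;
}
```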