In Linux, I've tried (just for fun) to modify the kernel source in process.c to create a stack address that has more entropy, i.e. in particular the line:
sp -= get_random_int() % 8192;
When I change this too much, the kernel halts or I get some seemingly undefined behavior. I'm guessing that this causes PAGE_ALIGN() to fail in some way? I'm not that interested in why PAGE_ALIGN() in particular fails, or exactly which piece of code in the kernel fails (although that too would be nice to know); I'm more interested in why the stack must reside in a particular region at all. What is the architectural reason and motivation behind this? Does this have something to do with how GDT/LDT works in protected mode?
Just to make clear what I'm asking:
Why does the stack have to have the form 0xbfXXXXXX (on 32-bit)? Why cannot the stack be e.g. 0xaaXXXXXX, or any other value?
There is a limit in do_page_fault() as to how far outside the stack vma you can be before it considers it a bad access; perhaps you're hitting that?
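As an added illustration of the limits the answer refers to (this is a simplified model written for this page, not the kernel's own code): the initial user stack pointer is lowered by `sp -= get_random_int() % N` after the argv/envp strings have already been copied into the initial stack vma, so the first push may touch memory below that vma and has to be faulted in. Two checks stand in the way of that fault: the historical x86 do_page_fault() rule that a user access further than 65536 + 32*sizeof(long) bytes below the current sp is a bad area, and the expand_stack() rule that the grown vma may not exceed RLIMIT_STACK. The STACK_TOP, rlimit, vma size and "random" value below are assumed, constructed constants chosen only so the model runs deterministically; the constants of the two checks are taken from memory of older kernels and should be read as assumptions, not as the current source.

```c
#include <stdio.h>

#define STACK_TOP     0xc0000000UL            /* assumed: 3G/1G split on 32-bit x86 */
#define STACK_RLIMIT  (8UL * 1024 * 1024)     /* assumed: a typical RLIMIT_STACK of 8 MiB */
#define ARG_PAGES     (128UL * 1024)          /* assumed: size of the initial stack vma */

/* Model of arch_align_stack(): subtract a random offset below rnd_max
 * (the question's 8192 literal), then keep 16-byte alignment. */
unsigned long model_align_stack(unsigned long sp, unsigned long rnd, unsigned long rnd_max)
{
    sp -= rnd % rnd_max;
    return sp & ~0xfUL;
}

/* Model of the page-fault path for an access below a VM_GROWSDOWN vma.
 * Returns 1 if the kernel would grow the stack to cover `addr`, 0 if the
 * access would be treated as a bad area (SIGSEGV). Two limits are modelled:
 *   - the historical x86 do_page_fault() rule that a user access more than
 *     65536 + 32*sizeof(long) bytes below the current sp is a bad access
 *     (assumed constants, recalled from older fault.c);
 *   - the expand_stack() rule that the grown vma may not exceed RLIMIT_STACK. */
int model_fault_expands(unsigned long vma_start, unsigned long vma_end,
                        unsigned long addr, unsigned long sp)
{
    if (addr >= vma_start && addr < vma_end)
        return 1;                                   /* inside the vma: no fault at all */
    if (addr >= vma_end)
        return 0;                                   /* above the stack: not this vma */
    if (addr + 65536 + 32 * sizeof(unsigned long) < sp)
        return 0;                                   /* too far below sp: bad area */
    if (vma_end - addr > STACK_RLIMIT)
        return 0;                                   /* grown vma would exceed the rlimit */
    return 1;
}

/* Run the whole sequence once: place the initial sp just below the copied
 * argv/envp strings, randomize it with the given range, then check whether
 * the very first push (4 bytes below sp) would be allowed to fault the stack in. */
int model_exec_survives(unsigned long rnd, unsigned long rnd_max)
{
    unsigned long vma_end    = STACK_TOP;
    unsigned long vma_start  = STACK_TOP - ARG_PAGES;
    unsigned long sp0        = vma_start + 0x100;   /* assumed: end of the argument area */
    unsigned long sp         = model_align_stack(sp0, rnd, rnd_max);
    unsigned long first_push = sp - 4;
    return model_fault_expands(vma_start, vma_end, first_push, sp);
}

int main(void)
{
    unsigned long rnd = 0xa12345UL;   /* constructed "random" value, fixed for reproducibility */
    printf("rnd_max = 8192   : %s\n", model_exec_survives(rnd, 8192) ? "stack usable" : "bad area");
    printf("rnd_max = 16 MiB : %s\n", model_exec_survives(rnd, 16UL << 20) ? "stack usable" : "bad area");
    return 0;
}
```

With the 8192 range the randomized sp lands a few hundred bytes below the initial vma and the first push is faulted in normally; with a 16 MiB range the same "random" value pushes sp more than 8 MiB below the top of the stack, the rlimit check refuses to grow the vma, and the process dies on its first stack access, which is the kind of failure the answer suggests the questioner is hitting.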