The user-process stack is in virtual memory, and in any case it is not to be trusted. When the system enters kernel mode, the stack pointer is switched to a kernel stack for the duration of the call. (The successful execution of a kernel request must not depend in any way upon the user environment: the kernel operates in a "known-good," trustworthy state which the user cannot tamper with.)
Part of the procedure for switching from user-mode to kernel-mode is to preserve all of the values in the CPU registers, including the user-process stack pointer. The kernel has ready access to these values, which will be restored when the system transitions back into user-mode.
The kernel can retrieve information from the user-process stack as it sees fit, but the user process cannot access the kernel stack area.
Last edited by sundialsvcs; 04-25-2013 at 09:14 AM.
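As an added illustration (not from the original post), a small C simulation of the sequence described above: the trap frame preserves the user stack pointer, the kernel runs on its own stack, and a user-supplied address is checked against the user region before the kernel reads through it. The two arrays, the register values and all function names are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy address space: two separate arrays stand in for the
 * user stack region and the kernel stack region. */
#define STACK_WORDS 16
static uint64_t user_stack[STACK_WORDS];
static uint64_t kernel_stack[STACK_WORDS];
static uint64_t *cpu_sp;               /* simulated CPU stack pointer */
/* Trap frame: registers preserved on entry, including the user SP. */
struct trap_frame { uint64_t *user_sp; uint64_t regs[4]; };
/* Entering kernel mode: save user state, switch SP to the kernel stack. */
static struct trap_frame enter_kernel(const uint64_t user_regs[4]) {
    struct trap_frame tf;
    tf.user_sp = cpu_sp;
    memcpy(tf.regs, user_regs, sizeof tf.regs);
    cpu_sp = kernel_stack + STACK_WORDS;   /* fresh, known-good stack */
    return tf;
}
/* Returning to user mode: restore the saved user SP from the frame. */
static void exit_kernel(const struct trap_frame *tf) { cpu_sp = tf->user_sp; }
/* The kernel may read the user stack, but only after checking that the
 * address lies inside the user region; a pointer into the kernel stack
 * (or a misaligned one) is refused. Returns false when rejected. */
static bool read_user_word(const uint64_t *uaddr, uint64_t *out) {
    uintptr_t a = (uintptr_t)uaddr, lo = (uintptr_t)user_stack;
    if (a < lo || a >= lo + sizeof user_stack || a % sizeof(uint64_t))
        return false;
    *out = *uaddr;
    return true;
}
/* Toy "peek" system call: enter the kernel, read one word at the address
 * the user supplied, return to user mode. Also reports whether the kernel
 * ran on its own stack and whether the user SP came back intact. */
static bool sys_peek(const uint64_t *uarg, uint64_t *out,
                     bool *on_kernel_stack, bool *sp_restored) {
    uint64_t regs[4] = {1, 2, 3, 4};       /* constructed register values */
    uint64_t *before = cpu_sp;
    struct trap_frame tf = enter_kernel(regs);
    *on_kernel_stack = cpu_sp == kernel_stack + STACK_WORDS;
    bool ok = read_user_word(uarg, out);
    exit_kernel(&tf);
    *sp_restored = cpu_sp == before;
    return ok;
}
```

A call with an address inside the user array succeeds and leaves the user stack pointer as it was; a call that points at the kernel array is refused before any read happens.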