From 3ccbd2a842dbd24cb5ad4cf72218e77f0593eefe Mon Sep 17 00:00:00 2001
From: Thomas Faber <thomas.faber@reactos.org>
Date: Sun, 16 Jan 2022 10:54:33 -0500
Subject: [PATCH] [NTOS:MM] Randomly allocate from special pool

---
 ntoskrnl/mm/ARM3/pool.c    | 2 +-
 ntoskrnl/mm/ARM3/special.c | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/ntoskrnl/mm/ARM3/pool.c b/ntoskrnl/mm/ARM3/pool.c
index 8ab8ae293a4..c35726e0d55 100644
--- a/ntoskrnl/mm/ARM3/pool.c
+++ b/ntoskrnl/mm/ARM3/pool.c
@@ -26,7 +26,7 @@ MM_PAGED_POOL_INFO MmPagedPoolInfo;
 SIZE_T MmAllocatedNonPagedPool;
 SIZE_T MmTotalNonPagedPoolQuota;
 SIZE_T MmTotalPagedPoolQuota;
-ULONG MmSpecialPoolTag;
+ULONG MmSpecialPoolTag = 1;
 ULONG MmConsumedPoolPercentage;
 BOOLEAN MmProtectFreedNonPagedPool;
 SLIST_HEADER MiNonPagedPoolSListHead;
diff --git a/ntoskrnl/mm/ARM3/special.c b/ntoskrnl/mm/ARM3/special.c
index 6d40315bc0d..971ac988562 100644
--- a/ntoskrnl/mm/ARM3/special.c
+++ b/ntoskrnl/mm/ARM3/special.c
@@ -76,18 +76,19 @@ BOOLEAN
 NTAPI
 MmUseSpecialPool(SIZE_T NumberOfBytes, ULONG Tag)
 {
+    static ULONG Seed = 0x5eed1234;
     /* Special pool is not suitable for allocations bigger than 1 page */
     if (NumberOfBytes > (PAGE_SIZE - sizeof(POOL_HEADER)))
     {
         return FALSE;
     }
 
-    if (MmSpecialPoolTag == '*')
+    if (Tag == 'enoN')
     {
         return TRUE;
     }
-
-    return Tag == MmSpecialPoolTag;
+    Seed = Seed * 16807 % 0x7fffffff;
+    return Seed % 11 == 2;
 }
 
 BOOLEAN