Index: pool.c
===================================================================
--- ntoskrnl/mm/ARM3/pool.c (revision 71668)
+++ ntoskrnl/mm/ARM3/pool.c (working copy)
@@ -24,7 +24,7 @@
 KGUARDED_MUTEX MmPagedPoolMutex;
 MM_PAGED_POOL_INFO MmPagedPoolInfo;
 SIZE_T MmAllocatedNonPagedPool;
-ULONG MmSpecialPoolTag;
+ULONG MmSpecialPoolTag = 1;
 ULONG MmConsumedPoolPercentage;
 BOOLEAN MmProtectFreedNonPagedPool;
 SLIST_HEADER MiNonPagedPoolSListHead;
Index: special.c
===================================================================
--- ntoskrnl/mm/ARM3/special.c (revision 71668)
+++ ntoskrnl/mm/ARM3/special.c (working copy)
@@ -76,11 +76,33 @@
 NTAPI
 MmUseSpecialPool(SIZE_T NumberOfBytes, ULONG Tag)
 {
+ static ULONG Seed;
+ static BOOLEAN SeedInitialized;
+ ULONG Random;
+
 /* Special pool is not suitable for allocations bigger than 1 page */
 if (NumberOfBytes > (PAGE_SIZE - sizeof(POOL_HEADER)))
 return FALSE;

- return Tag == MmSpecialPoolTag;
+ if (KeGetCurrentIrql() < DISPATCH_LEVEL)
+ {
+ if (!SeedInitialized)
+ {
+ LARGE_INTEGER Time;
+ KeQuerySystemTime(&Time);
+ Seed = Time.LowPart ^ Time.HighPart;
+ SeedInitialized = TRUE;
+ }
+ Random = RtlRandomEx(&Seed);
+ }
+ else
+ {
+ Seed = (1103515245 * Seed + 12345);
+ Random = Seed;
+ }
+ if (Random % 73 >= 67)
+ return TRUE;
+ return Tag == 'enoN';
 }

 BOOLEAN
@@ -268,7 +290,12 @@
 0x30);
 }

- /* TODO: Take into account various limitations */
+ /* Some allocations from Mm must never use special pool */
+ if (Tag == 'tSmM')
+ {
+ /* Reject and let normal pool handle it */
+ return NULL;
+ }

 /* Heed the maximum limit of nonpaged pages */
 if ((PoolType == NonPagedPool) &&
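Review bot: The new initializer `ULONG MmSpecialPoolTag = 1;` is a bare magic value with no comment saying what 1 stands for. The special.c hunk at -76 in this same patch removes the `Tag == MmSpecialPoolTag` comparison, so as far as these hunks show the variable no longer selects a tag and presumably only serves as a non-zero enable switch elsewhere. If that is the intent, a comment such as `/* Non-zero: special pool on by default for this sampling build */` should record it, so the default is not mistaken for a real pool tag.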
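Review bot: `return Tag == 'enoN';` replaces the comparison against `MmSpecialPoolTag` with a hard-coded tag, so whatever tag is configured in that variable no longer influences MmUseSpecialPool; ending the function with `return Tag == MmSpecialPoolTag;` after the sampling check would keep the configured tag working. The function-local statics `Seed` and `SeedInitialized` are read and written with no lock or interlocked operation, and this routine looks reachable from several processors at once, so the first-use seeding and the `Seed = (1103515245 * Seed + 12345);` update can race. That is tolerable for sampling, but it should be stated in a comment so nobody reuses the value where unpredictability matters. The ratio in `Random % 73 >= 67` (6 of 73 residues, roughly 8% of eligible allocations) also needs a named constant or a one-line comment.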
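Review bot: The literal `'tSmM'` in the new early return is unexplained: the comment says some Mm allocations must never use special pool, but not which allocation this tag marks or what fails if it lands there. Because the -76 hunk now routes a random share of all small allocations to special pool, this exclusion is the only thing keeping that tag out, so the reason belongs beside it, e.g. `/* <tag owner>: <why a guard-page allocation is unsafe here> */`, and the tag would read better as a named constant. The enclosing function starts before and continues past this hunk, so it cannot be confirmed from here that the check runs ahead of every special-pool side effect.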