[I have already submitted this bug to the DDK bug reports, but thought I’d share it with all of you, since it’s potentially very bad. I suggest everyone search their code base for the same bug!]
The only code example of ExInitializeNPagedLookasideList in either the NT
4.0 DDK or MSDN is in CLASS.C, which is a SCSI driver. However, this
example specifies the flag NonPagedPoolMustSucceed.
There are two problems with this.
First, that flag is not valid. The documentation for
ExInitializeNPagedLookasideList clearly states that the flags should nearly
always be 0, except for the rare POOL_RAISE_IF_ALLOCATION_FAILURE.
Second, if the flag NonPagedPoolMustSucceed is specified, all allocations
for that lookaside list (not just the initialization) will be from the “must
succeed” pool.
The “must succeed” pool is a very scarce resource, which is only about 16 KB
large. If the lookaside list happens to exhaust that memory, it will cause
a blue screen, namely event 0x00000041, MUST_SUCCEED_POOL_EMPTY.
A programmer here had copied the code from the DDK for our project, and we
would get that blue screen under high load. It took us a few days to track
it down to using the “must succeed” pool instead of the normal pool.
I feel that is a serious bug in the CLASS.C code, which will cause bugs in
other people’s code since it is the only example of the
ExInitializeNPagedLookasideList function.
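
The code-base search suggested above, as an added example that is not part of the original post or the DDK: a Python scan that reports every ExInitializeNPagedLookasideList call whose Flags argument (the fourth parameter) is anything other than the two values the post cites from the documentation. The sample driver source is constructed, and the script's function names are hypothetical.

```python
import re

# ExInitializeNPagedLookasideList(Lookaside, Allocate, Free, Flags, Size, Tag, Depth)
CALL = re.compile(r"\bExInitializeNPagedLookasideList\s*\(")
FLAGS_INDEX = 3  # Flags is the fourth argument
# Values the post cites from the documentation as acceptable for Flags.
ALLOWED_FLAGS = {"0", "POOL_RAISE_IF_ALLOCATION_FAILURE"}

def split_args(src, start):
    """Split the argument list starting just after the call's '(' at src[start]."""
    args, depth, cur = [], 0, []
    for ch in src[start:]:
        if ch == "(":
            depth += 1
        elif ch == ")":
            if depth == 0:  # closing paren of the call itself
                args.append("".join(cur).strip())
                return args
            depth -= 1
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    return None  # unbalanced (truncated) call: nothing to report

def find_bad_lookaside_flags(src):
    """Return (line_number, flags_text) for each call with a suspect Flags argument."""
    # Blank out comments, keeping newlines so reported line numbers stay accurate.
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"), src, flags=re.S)
    src = re.sub(r"//[^\n]*", "", src)
    hits = []
    for m in CALL.finditer(src):
        args = split_args(src, m.end())
        if args and len(args) > FLAGS_INDEX and args[FLAGS_INDEX] not in ALLOWED_FLAGS:
            hits.append((src.count("\n", 0, m.start()) + 1, args[FLAGS_INDEX]))
    return hits

# Constructed sample source for illustration (not the DDK's CLASS.C).
SAMPLE = """\
/* ExInitializeNPagedLookasideList(&x, NULL, NULL, NonPagedPoolMustSucceed, 1, 't', 1); */
ExInitializeNPagedLookasideList(&ext->SrbList,
                                NULL,
                                NULL,
                                NonPagedPoolMustSucceed,
                                sizeof(SRB_CONTEXT),
                                'bTsT',
                                (USHORT)count);
ExInitializeNPagedLookasideList(&ext->IrpList, NULL, NULL, 0,
                                sizeof(IRP_CONTEXT), 'cTsT', 16);
"""

if __name__ == "__main__":
    for line, flags in find_bad_lookaside_flags(SAMPLE):
        print(f"line {line}: Flags argument is {flags}")
```

Prototypes and declarations of the function are reported as well, because their fourth parameter is not one of the allowed values, so each hit still needs a manual look.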