I started putting in ASSERT_IRQL in ntoskrnl, hoping that only my own code would break from it. The results are ... interesting.
I've put a metabug (426) on bugzilla which is about reactos not honoring documented irql requirements. I fixed a place in win32k.sys, but there are probably more. I think we should clean these up and get the assert_irqls into HEAD, so that people like me won't get bitten over and over by assuming we're in one irql when we're in another.
Unrelated, please take a look at the following patch, anyone who's cozy with the mm. The reason why this code is needed is that MmNotPresentFault and MmAccessFault will try to lock the address space as well as MmProbeAndLockPages. Since this is a spin lock, reactos will always bugcheck when MmProbeAndLockPages faults in a page, even if that would be legal otherwise. I'm not sure if this patch fixes it right but it does seem to work this way. If i don't hear too many complaints i'll think about committing something similar.
There are a couple of other places where MmNotPresentFault is called (section.c) within a MmLockAddressSpace. Another idea would be to give MmNotPresentFault and MmAccessFault an extra argument so they can ignore locking if the address space is already locked.