[NTOS:CM] Do not call CmpSecurityMethod when assigning a security descriptor

CmpSecurityMethod is a method used by the Object Manager and called by this
subsystem whenever a security operation has to be done against a key object.

As CmpSecurityMethod is a specific OB construct we should not make any direct
call attempts to CmpSecurityMethod, only OB is responsible for that. This fixes
a deadlock where CmpSecurityMethod acquires a push lock for exclusive access
even though such lock is already acquired by the same calling thread in
CmpDoCreateChild.

ntoskrnl/config/cmparse.c

@@ -367,14 +367,14 @@ CmpDoCreateChild(IN PHHIVE Hive,
                               CmpKeyObjectType->TypeInfo.PoolType);
     if (NT_SUCCESS(Status))
     {
-        Status = CmpSecurityMethod(*Object,
-                                   AssignSecurityDescriptor,
-                                   NULL,
-                                   NewDescriptor,
-                                   NULL,
-                                   NULL,
-                                   CmpKeyObjectType->TypeInfo.PoolType,
-                                   &CmpKeyObjectType->TypeInfo.GenericMapping);
+        /*
+         * FIXME: We must acquire a security lock when assigning
+         * a security descriptor to this hive but since the
+         * CmpAssignSecurityDescriptor function does nothing
+         * (we lack the necessary security management implementations
+         * anyway), do not do anything for now.
+         */
+        Status = CmpAssignSecurityDescriptor(Kcb, NewDescriptor);
     }
 
     /* Now that the security descriptor is copied in the hive, we can free the original */

ntoskrnl/include/internal/cm.h

@@ -510,6 +510,15 @@ CmpDestroyHiveViewList(
     IN PCMHIVE Hive
 );
 
+//
+// Security Management Functions
+//
+NTSTATUS
+CmpAssignSecurityDescriptor(
+    IN PCM_KEY_CONTROL_BLOCK Kcb,
+    IN PSECURITY_DESCRIPTOR SecurityDescriptor
+);
+
 //
 // Security Cache Functions
 //