slsm: use current_security() and current_cred()

cred uses RCU which requires appropriate locking which are handled by
current_security() and current_cred().

security/slsm/lsm.c

@@ -144,7 +144,7 @@ cleanup:
 }
 
 static void passt_bprm_committing_creds(struct linux_binprm *bprm) {
-	struct passt_task *old_pt = current_cred()->security;
+	struct passt_task *old_pt = current_security();
 	struct passt_task *new_pt = bprm->cred->security;
 
 	/* both smack and apparmor do this, I have no idea why */
@@ -207,7 +207,7 @@ static int passt_file_open(struct file *file, const struct cred *cred) {
 
 static int passt_path_link(struct dentry *old_dentry, struct path *new_dir,
 			      struct dentry *new_dentry) {
-	const struct cred *cred = current->cred;
+	const struct cred *cred = current_cred();
 	const struct passt_task *pt = cred->security;
 	struct path link = { new_dir->mnt, new_dentry };
 	/* TODO: is the mountpoint always the same for new_ and old_dentry?
@@ -218,7 +218,7 @@ static int passt_path_link(struct dentry *old_dentry, struct path *new_dir,
 	const char *link_name, *target_name;
 	int ret;
 
-	if (passt_path_common(new_dir, current->cred, SLSM_PERMS_W))
+	if (passt_path_common(new_dir, cred, SLSM_PERMS_W))
 		return -EACCES;
 
 	target_name = passt_get_path(&target, &target_buffer);
@@ -247,41 +247,41 @@ static int passt_path_symlink(struct path *dir, struct dentry *dentry,
 				const char *old_name) {
 	/* Symlinks are always followed so there's no need to verify the
 	 * target here. */
-	return passt_path_common(dir, current->cred, SLSM_PERMS_W);
+	return passt_path_common(dir, current_cred(), SLSM_PERMS_W);
 }
 
 static int passt_path_unlink(struct path *dir, struct dentry *dentry) {
-	return passt_path_common(dir, current->cred, SLSM_PERMS_W);
+	return passt_path_common(dir, current_cred(), SLSM_PERMS_W);
 }
 
 static int passt_path_rename(struct path *old_dir, struct dentry *old_dentry,
 				struct path *new_dir, struct dentry *new_dentry) {
-	if (passt_path_common(old_dir, current->cred, SLSM_PERMS_W) ||
-		passt_path_common(new_dir, current->cred, SLSM_PERMS_W))
+	if (passt_path_common(old_dir, current_cred(), SLSM_PERMS_W) ||
+		passt_path_common(new_dir, current_cred(), SLSM_PERMS_W))
 		return -EACCES;
 	return 0;
 }
 
 static int passt_path_mkdir(struct path *dir, struct dentry *dentry,
 			       umode_t mode) {
-	return passt_path_common(dir, current->cred, SLSM_PERMS_W);
+	return passt_path_common(dir, current_cred(), SLSM_PERMS_W);
 }
 
 static int passt_path_rmdir(struct path *dir, struct dentry *dentry) {
-	return passt_path_common(dir, current->cred, SLSM_PERMS_W);
+	return passt_path_common(dir, current_cred(), SLSM_PERMS_W);
 }
 
 static int passt_path_mknod(struct path *dir, struct dentry *dentry,
 			       umode_t mode, unsigned int dev) {
-	return passt_path_common(dir, current->cred, SLSM_PERMS_W);
+	return passt_path_common(dir, current_cred(), SLSM_PERMS_W);
 }
 
 static int passt_path_chmod(struct path *path, umode_t mode) {
-	return passt_path_common(path, current->cred, SLSM_PERMS_W);
+	return passt_path_common(path, current_cred(), SLSM_PERMS_W);
 }
 
 static int passt_path_chown(struct path *path, kuid_t uid, kgid_t gid) {
-	return passt_path_common(path, current->cred, SLSM_PERMS_W);
+	return passt_path_common(path, current_cred(), SLSM_PERMS_W);
 }
 
 
@@ -291,7 +291,7 @@ static int passt_unix_common(struct sock *other) {
 	if (!u_other->addr || !u_other->addr->name->sun_path[0])
 		return 0;
 
-	return passt_path_common(&u_other->path, current->cred, SLSM_PERMS_RW);
+	return passt_path_common(&u_other->path, current_cred(), SLSM_PERMS_RW);
 }
 
 static int passt_unix_stream_connect(struct sock *sock, struct sock *other,
@@ -366,7 +366,7 @@ static __init int passt_init(void) {
 	if (!pt)
 		/* TODO: panic? */
 		return -ENOMEM;
-	cred = (struct cred *)current->cred;
+	cred = (struct cred *)current_cred();
 	cred->security = pt;
 
 	security_add_hooks(passt_hooks, ARRAY_SIZE(passt_hooks));