OvmfPkg: SataControllerDxe: SataControllerStop: fix use after free

It would be possible to remove the UAF without local variables, by calling
SataPrivateData->PciIo->Attributes() before releasing SataPrivateData.

However, by keeping the location of the call (for which temporary
variables are necessary), we continue to match the error path logic in
SataControllerStart(), which is always recommended.

Reported-by: wang xiaofeng <winggundum82@163.com>
Fixes: bcab71413407e61c144994925556725dd65eede9
Cc: wang xiaofeng <winggundum82@163.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>

OvmfPkg/SataControllerDxe/SataController.c

@@ -570,6 +570,8 @@ SataControllerStop (
   EFI_STATUS                        Status;
   EFI_IDE_CONTROLLER_INIT_PROTOCOL  *IdeInit;
   EFI_SATA_CONTROLLER_PRIVATE_DATA  *SataPrivateData;
+  EFI_PCI_IO_PROTOCOL               *PciIo;
+  UINT64                            OriginalPciAttributes;
 
   //
   // Open the produced protocol
@@ -589,6 +591,9 @@ SataControllerStop (
   SataPrivateData = SATA_CONTROLLER_PRIVATE_DATA_FROM_THIS (IdeInit);
   ASSERT (SataPrivateData != NULL);
 
+  PciIo                 = SataPrivateData->PciIo;
+  OriginalPciAttributes = SataPrivateData->OriginalPciAttributes;
+
   //
   // Uninstall the IDE Controller Init Protocol from this instance
   //
@@ -616,10 +621,10 @@ SataControllerStop (
   //
   // Restore original PCI attributes
   //
-  SataPrivateData->PciIo->Attributes (
-                            SataPrivateData->PciIo,
+  PciIo->Attributes (
+           PciIo,
            EfiPciIoAttributeOperationSet,
-                            SataPrivateData->OriginalPciAttributes,
+           OriginalPciAttributes,
            NULL
            );