X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=MdeModulePkg%2FCore%2FPiSmmCore%2FInstallConfigurationTable.c;h=867d1ac4b13a0e488511b2c8447535f0ec619075;hp=9623fae7f28adbed80752095b90026926ad1aa3d;hb=322d827c0f41efe14387ee67834ddced09f95c9c;hpb=e42e94041f7c71a5e2e57154bd568f3c14fd6eec diff --git a/MdeModulePkg/Core/PiSmmCore/InstallConfigurationTable.c b/MdeModulePkg/Core/PiSmmCore/InstallConfigurationTable.c index 9623fae7f2..867d1ac4b1 100644 --- a/MdeModulePkg/Core/PiSmmCore/InstallConfigurationTable.c +++ b/MdeModulePkg/Core/PiSmmCore/InstallConfigurationTable.c @@ -1,7 +1,7 @@ /** @file System Management System Table Services SmmInstallConfigurationTable service - Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+ Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -46,6 +46,7 @@ SmmInstallConfigurationTable ( { UINTN Index; EFI_CONFIGURATION_TABLE *ConfigurationTable; + EFI_CONFIGURATION_TABLE *OldTable; // // If Guid is NULL, then this operation cannot be performed @@ -72,7 +73,7 @@ SmmInstallConfigurationTable ( if (Table != NULL) { // // If Table is not NULL, then this is a modify operation. - // Modify the table enty and return. + // Modify the table entry and return. // ConfigurationTable[Index].VendorTable = Table; return EFI_SUCCESS; @@ -130,15 +131,30 @@ SmmInstallConfigurationTable ( ); // - // Free Old Table + // Record the old table pointer. // - FreePool (gSmmCoreSmst.SmmConfigurationTable); - } + OldTable = gSmmCoreSmst.SmmConfigurationTable; - // - // Update System Table - // - gSmmCoreSmst.SmmConfigurationTable = ConfigurationTable; + // + // As the SmmInstallConfigurationTable() may be re-entered by FreePool() in + // its calling stack, updating System table to the new table pointer must + // be done before calling FreePool() to free the old table. + // It can make sure the gSmmCoreSmst.SmmConfigurationTable point to the new + // table and avoid the errors of use-after-free to the old table by the + // reenter of SmmInstallConfigurationTable() in FreePool()'s calling stack. + // + gSmmCoreSmst.SmmConfigurationTable = ConfigurationTable; + + // + // Free the old table after updating System Table to the new table pointer. + // + FreePool (OldTable); + } else { + // + // Update System Table + // + gSmmCoreSmst.SmmConfigurationTable = ConfigurationTable; + } } //
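Review bot: In the last hunk, swapping the pointer before `FreePool (OldTable)` protects `gSmmCoreSmst.SmmConfigurationTable`, but the locals `Index` and `ConfigurationTable` are still captured before the free, and the trailing context suggests the function continues after this block. If a nested SmmInstallConfigurationTable() call inside FreePool() can add an entry or grow the table again, those locals would be stale when the outer call resumes, so it could write into a slot the nested call already filled, or into a table that has since been freed. The code that follows is outside the hunk, so this needs confirming against the full function. If it applies, either re-derive both values from `gSmmCoreSmst` after the free (and re-check capacity), or record the assumption beside the call, e.g. `// Assumes a nested install during FreePool() changes neither NumberOfTableEntries nor the table pointer.`. Separately, the assignment to `gSmmCoreSmst.SmmConfigurationTable` is now duplicated in both branches; assigning once and then freeing `OldTable` only when it is non-NULL would keep the ordering with a single store.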