drm/self_refresh: Fix possible NULL deref in failure path

If state allocation fails, we still try to give back the reference on
it. Also initialize ret in case the crtc is not enabled and we hit the
eject button.

Fixes: 1452c25b ("drm: Add helpers to kick off self refresh mode in drivers")
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Jose Souza <jose.souza@intel.com>
Cc: Zain Wang <wzz@rock-chips.com>
Cc: Tomasz Figa <tfiga@chromium.org>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Sean Paul <seanpaul@chromium.org>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <maxime.ripard@bootlin.com>
Cc: Sean Paul <sean@poorly.run>
Cc: David Airlie <airlied@linux.ie>
Cc: dri-devel@lists.freedesktop.org
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20190619181951.192305-1-sean@poorly.run

drivers/gpu/drm/drm_self_refresh_helper.c

@@ -69,14 +69,14 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work)
 	struct drm_connector *conn;
 	struct drm_connector_state *conn_state;
 	struct drm_crtc_state *crtc_state;
-	int i, ret;
+	int i, ret = 0;
 
 	drm_modeset_acquire_init(&ctx, 0);
 
 	state = drm_atomic_state_alloc(dev);
 	if (!state) {
 		ret = -ENOMEM;
-		goto out;
+		goto out_drop_locks;
 	}
 
 retry:
@@ -116,6 +116,8 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work)
 	}
 
 	drm_atomic_state_put(state);
+
+out_drop_locks:
 	drm_modeset_drop_locks(&ctx);
 	drm_modeset_acquire_fini(&ctx);
 }