staging: vchiq_core: fix service dereference in unlock_service

The service state is dereferenced before BUG_ON and outside of the
spin lock. So in order to avoid possible NULL pointer dereferences or
races move the whole scope at a safer place.

This issue has been found by Cppcheck.
Signed-off-by: NStefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c

@@ -296,12 +296,13 @@ lock_service(VCHIQ_SERVICE_T *service)
 void
 unlock_service(VCHIQ_SERVICE_T *service)
 {
-	VCHIQ_STATE_T *state = service->state;
 	spin_lock(&service_spinlock);
 	BUG_ON(!service || (service->ref_count == 0));
 	if (service && service->ref_count) {
 		service->ref_count--;
 		if (!service->ref_count) {
+			VCHIQ_STATE_T *state = service->state;
+
 			BUG_ON(service->srvstate != VCHIQ_SRVSTATE_FREE);
 			state->services[service->localport] = NULL;
 		} else