Hello,

My static analysis tool reports two possible ABBA deadlocks in the 
mwifiex driver in Linux 5.10:

# DEADLOCK 1:
mwifiex_dequeue_tx_packet()
   spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 1432 (Lock A)
   mwifiex_send_addba()
     spin_lock_bh(&priv->sta_list_spinlock); --> Line 608 (Lock B)

mwifiex_process_sta_tx_pause()
   spin_lock_bh(&priv->sta_list_spinlock); --> Line 398 (Lock B)
   mwifiex_update_ralist_tx_pause()
     spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 941 (Lock A)

When mwifiex_dequeue_tx_packet() and mwifiex_process_sta_tx_pause() are 
concurrently executed, the deadlock can occur.

# DEADLOCK 2:
mwifiex_dequeue_tx_packet()
   spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 1432 (Lock A)
   mwifiex_send_addba()
     spin_lock_bh(&priv->sta_list_spinlock); --> Line 608 (Lock B)

mwifiex_process_uap_tx_pause()
   spin_lock_bh(&priv->sta_list_spinlock); --> Line 363 (Lock B)
   mwifiex_update_ralist_tx_pause()
     spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 941 (Lock A)

When mwifiex_dequeue_tx_packet() and mwifiex_process_uap_tx_pause() are 
concurrently executed, the deadlock can occur.

I am not quite sure whether these possible deadlocks are real and how to 
fix them if they are real.
Any feedback would be appreciated, thanks :)

Reported-by: TOTE Robot <redacted>


Best wishes,
Jia-Ju Bai