While calculating the mac address the pointer for the current octet was never reset back to the least significant one after being decremented because of an octet overflow. This resulted in the code continuing to increment at the current octet, potentially generating duplicate or invalid mac addresses. As a second issue the pointer was allowed to advance up to the most significant octet, modifying the OUI, and potentially changing the type of mac address. Rewrite the code so it resets the pointer to the least significant in each outer loop step, and bails out when the least significant octet of the OUI is reached. Signed-off-by: Jonas Gorski <jonas.gorski@xxxxxxxxx> --- V1 -> V2: add a missing variable declaration breaking the compilation. arch/mips/bcm63xx/boards/board_bcm963xx.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/arch/mips/bcm63xx/boards/board_bcm963xx.c b/arch/mips/bcm63xx/boards/board_bcm963xx.c index ea4ea77..442ba96 100644 --- a/arch/mips/bcm63xx/boards/board_bcm963xx.c +++ b/arch/mips/bcm63xx/boards/board_bcm963xx.c @@ -720,7 +720,7 @@ const char *board_get_name(void) */ static int board_get_mac_address(u8 *mac) { - u8 *p; + u8 *oui; int count; if (mac_addr_used >= nvram.mac_addr_count) { @@ -729,21 +729,23 @@ static int board_get_mac_address(u8 *mac) } memcpy(mac, nvram.mac_addr_base, ETH_ALEN); - p = mac + ETH_ALEN - 1; + oui = mac + ETH_ALEN/2 - 1; count = mac_addr_used; while (count--) { + u8 *p = mac + ETH_ALEN - 1; + do { (*p)++; if (*p != 0) break; p--; - } while (p != mac); - } + } while (p != oui); - if (p == mac) { - printk(KERN_ERR PFX "unable to fetch mac address\n"); - return -ENODEV; + if (p == oui) { + printk(KERN_ERR PFX "unable to fetch mac address\n"); + return -ENODEV; + } } mac_addr_used++; -- 1.7.10.4