2 files changed, 14 insertions, 1 deletions

diff --git a/drivers/scsi/ipr.c b/drivers/scsi/ipr.c
index 999e91ea7451..e7a3a6554425 100644
--- a/drivers/scsi/ipr.c
+++ b/drivers/scsi/ipr.c
@@ -71,6 +71,7 @@
 #include <linux/module.h>
 #include <linux/moduleparam.h>
 #include <linux/libata.h>
+#include <linux/hdreg.h>
 #include <asm/io.h>
 #include <asm/irq.h>
 #include <asm/processor.h>
@@ -4913,8 +4914,11 @@ static int ipr_ioctl(struct scsi_device *sdev, int cmd, void __user *arg)
         struct ipr_resource_entry *res;
 
         res = (struct ipr_resource_entry *)sdev->hostdata;
-        if (res && ipr_is_gata(res))
+        if (res && ipr_is_gata(res)) {
+                if (cmd == HDIO_GET_IDENTITY)
+                        return -ENOTTY;
                 return ata_scsi_ioctl(sdev, cmd, arg);
+        }
 
         return -EINVAL;
 }
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index a82d2fe80fb5..cbf55d59a54c 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -207,6 +207,15 @@ int scsi_execute(struct scsi_device *sdev, const unsigned char *cmd,
          */
         blk_execute_rq(req->q, NULL, req, 1);
 
+        /*
+         * Some devices (USB mass-storage in particular) may transfer
+         * garbage data together with a residue indicating that the data
+         * is invalid.  Prevent the garbage from being misinterpreted
+         * and prevent security leaks by zeroing out the excess data.
+         */
+        if (unlikely(req->data_len > 0 && req->data_len <= bufflen))
+                memset(buffer + (bufflen - req->data_len), 0, req->data_len);
+
         ret = req->errors;
  out:
         blk_put_request(req);