One option for passing the length to the swabbing function without having to change all of the swabbers at once would be to add a separate rmf_swab_len function pointer to req_msg_field:
int (*rmf_swab_len)(void *, len);
and assign this with a new DEFINE_MSGFL() macro, similar to DEFINE_MSGF().
Then, in swabber_dumper_helper() if the ->rmf_swab_len() function is available, that should be used in preference to ->rmf_swabber() and can pass the buffer length ("len" in that function) to lustre_swab_fiemap() (and the other similar functions) with an extra "u32 len" argument.
That allows proper verification of the fields and avoids potential overflow. Unfortunately, there is no way to return an error from those functions (void functions all the way up), so the best we can do is limit the swabbing to the fields that fit within the buffer length and then return -EOVERFLOW. While the error itself will be ignored by the caller, we may as well make the new function prototype return the error as the starting point to fixing the rest of the code to handle errors better in the future.
Also, the "LASSERT((len % field->rmf_size) == 0)" in swabber_dumper_helper() should be removed, but I'm not sure what to do in case of an error at that point, since there is the same inability to return an error to the caller and there are too many callers to req_capsule.*_get() to change easily. One option would be to also change the swabber_dumper_helper() to print a CERROR() (so at least we know about the problem) and then return -EPROTO to the caller (which will also be ignored, but again improving the code for the future).
It looks like all of these patches are landed.