afs: Sanity-check some AFSFetchStatus structures

We currently do not do any sanity checking on the AFSFetchStatus
structures returned from fileservers. Add some sanity checking for
BulkStatus and FetchStatus calls, so we do not screw up our cache if a
fileserver gives us bogus data.

If we do get an invalid AFSFetchStatus structure, act as if the server
gave us a VBUSY error code, so we will retry the request. For OpenAFS
fileservers prior to 1.6.1 that yield this situation, VBUSY is likely
the error code the fileserver should have responded anyway.

Reviewed-on: http://gerrit.openafs.org/6880
Reviewed-by: Alistair Ferguson <alistair.ferguson@mac.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
(cherry picked from commit 5af63fabc553a2fecd4c3080b25fe14483f5bd98)

Change-Id: I88922a75ada96d641bfd0078a8e7d6854c4ea699
Reviewed-on: http://gerrit.openafs.org/7992
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

src/afs/VNOPS/afs_vnop_lookup.c

@@ -622,6 +622,29 @@ Next_AtSys(struct vcache *avc, struct vrequest *areq,
     return 1;
 }
 
+static int
+afs_CheckBulkStatus(struct afs_conn *tc, int nFids, AFSBulkStats *statParm,
+                    AFSCBs *cbParm)
+{
+    int i;
+    int code;
+
+    if (statParm->AFSBulkStats_len != nFids || cbParm->AFSCBs_len != nFids) {
+	return VBUSY;
+    }
+    for (i = 0; i < nFids; i++) {
+	if (statParm->AFSBulkStats_val[i].errorCode) {
+	    continue;
+	}
+	code = afs_CheckFetchStatus(tc, &statParm->AFSBulkStats_val[i]);
+	if (code) {
+	    return code;
+	}
+    }
+
+    return 0;
+}
+
 extern int BlobScan(struct dcache * afile, afs_int32 ablob);
 
 /* called with an unlocked directory and directory cookie.  Areqp
@@ -1001,6 +1024,10 @@ afs_DoBulkStat(struct vcache *adp, long dirCookie, struct vrequest *areqp)
 		RX_AFS_GLOCK();
 	    }
 	    XSTATS_END_TIME;
+
+	    if (code == 0) {
+		code = afs_CheckBulkStatus(tcp, fidIndex, &statParm, &cbParm);
+	    }
 	} else
 	    code = -1;
     } while (afs_Analyze

src/afs/afs_prototypes.h

@@ -1041,6 +1041,8 @@ extern void afs_FlushReclaimedVcaches(void);
 void afs_vcacheInit(int astatSize);
 extern struct vcache *afs_FindVCache(struct VenusFid *afid, afs_int32 * retry,
 				     afs_int32 flag);
+extern int afs_CheckFetchStatus(struct afs_conn *tc,
+                                struct AFSFetchStatus *status);
 extern afs_int32 afs_FetchStatus(struct vcache *avc, struct VenusFid *afid,
 				 struct vrequest *areq,
 				 struct AFSFetchStatus *Outsp);

src/afs/afs_vcache.c

@@ -2280,6 +2280,30 @@ afs_UpdateStatus(struct vcache *avc, struct VenusFid *afid,
     	afs_PutVolume(volp, READ_LOCK);
 }
 
+/**
+ * Check if a given AFSFetchStatus structure is sane.
+ *
+ * @param[in] tc The server from which we received the status
+ * @param[in] status The status we received
+ *
+ * @return whether the given structure is valid or not
+ *  @retval 0 the structure is fine
+ *  @retval nonzero the structure looks like garbage; act as if we received
+ *                  the returned error code from the server
+ */
+int
+afs_CheckFetchStatus(struct afs_conn *tc, struct AFSFetchStatus *status)
+{
+    if (status->errorCode ||
+        status->InterfaceVersion != 1 ||
+        !(status->FileType > Invalid && status->FileType <= SymbolicLink) ||
+        status->ParentVnode == 0 || status->ParentUnique == 0) {
+
+	return VBUSY;
+    }
+    return 0;
+}
+
 /*!
  * Must be called with avc write-locked
  * don't absolutely have to invalidate the hint unless the dv has
@@ -2311,6 +2335,10 @@ afs_FetchStatus(struct vcache * avc, struct VenusFid * afid,
 
 	    XSTATS_END_TIME;
 
+	    if (code == 0) {
+		code = afs_CheckFetchStatus(tc, Outsp);
+	    }
+
 	} else
 	    code = -1;
     } while (afs_Analyze