qcow: better limits on cluster size

Add a lower limit because cases such as eight byte clusters aren't
practical and aren't worth handling, tracking a cluster costs 16 bytes.

Also put an upper limit on the cluster size, choose 21 bits to match
qemu.

Change-Id: Ifcab081d0e630b5d26b0eafa552bd7c695821686
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1651458
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>

1 files changed, 5 insertions, 6 deletions

diff --git a/qcow/src/qcow.rs b/qcow/src/qcow.rs
index acd76b7..4c152d0 100644
--- a/qcow/src/qcow.rs
+++ b/qcow/src/qcow.rs
@@ -112,7 +112,10 @@ pub enum ImageType {
 const QCOW_MAGIC: u32 = 0x5146_49fb;
 // Default to a cluster size of 2^DEFAULT_CLUSTER_BITS
 const DEFAULT_CLUSTER_BITS: u32 = 16;
-const MAX_CLUSTER_BITS: u32 = 30;
+// Limit clusters to reasonable sizes. Choose the same limits as qemu. Making the clusters smaller
+// increases the amount of overhead for book keeping.
+const MIN_CLUSTER_BITS: u32 = 9;
+const MAX_CLUSTER_BITS: u32 = 21;
 // Only support 2 byte refcounts, 2^refcount_order bits.
 const DEFAULT_REFCOUNT_ORDER: u32 = 4;
 
@@ -342,14 +345,10 @@ impl QcowFile {
         }
 
         let cluster_bits: u32 = header.cluster_bits;
-        if cluster_bits > MAX_CLUSTER_BITS {
+        if cluster_bits < MIN_CLUSTER_BITS || cluster_bits > MAX_CLUSTER_BITS {
             return Err(Error::InvalidClusterSize);
         }
         let cluster_size = 0x01u64 << cluster_bits;
-        if cluster_size < size_of::<u64>() as u64 {
-            // Can't fit an offset in a cluster, nothing is going to work.
-            return Err(Error::InvalidClusterSize);
-        }
 
         // No current support for backing files.
         if header.backing_file_offset != 0 {