From 024c44524fb3712956c381a0b6b9204a514e5fa0 Mon Sep 17 00:00:00 2001
From: "yaohua.wu" <yaohua.wu@zstack.io>
Date: Fri, 1 May 2026 12:37:54 +0800
Subject: [PATCH] <fix>[xinfini]: fail blacklist to prevent split-brain on VM
 start

XInfiniStorageController.blacklist was a no-op (// todo,
comp.success()). When ExternalPrimaryStorageKvmFactory's
beforeStartVmOnKvm fell back to blacklist after a deactivate
failure, the no-op silently allowed the VM to start while a
stale client on another host still held write access, risking
a split-brain on the volume.

1. Why?
xinfini does not implement volume path isolation yet. The
blacklist no-op masked the missing capability and let the
caller proceed as if the stale client had been fenced.

2. How?
Throw OperationFailureException from blacklist with a clear
message. Because beforeStartVmOnKvm invokes blacklist with
NopeCompletion (which ignores fail()), only an exception can
abort the VM start. This makes the unsupported case explicit
and conservative until xinfini supports path isolation.

3. Side effects?
VM start is aborted when an old active client cannot be
deactivated on xinfini. This is the safe behavior; previously
such VMs would start with split-brain risk.

# Summary of changes (by module):
- plugin/xinfini: throw OperationFailureException in blacklist
  instead of silently returning success.

Related: ZSTAC-84963
Change-Id: Ib0092f39a7b23cf7b06442ac9616cb2ce39240b7
---
 .../java/org/zstack/xinfini/XInfiniStorageController.java    | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/plugin/xinfini/src/main/java/org/zstack/xinfini/XInfiniStorageController.java b/plugin/xinfini/src/main/java/org/zstack/xinfini/XInfiniStorageController.java
index c1e5d855d3a..9d0a679fe3b 100644
--- a/plugin/xinfini/src/main/java/org/zstack/xinfini/XInfiniStorageController.java
+++ b/plugin/xinfini/src/main/java/org/zstack/xinfini/XInfiniStorageController.java
@@ -275,8 +275,9 @@ public void deactivate(String installPath, String protocol, ActiveVolumeClient c
 
     @Override
     public void blacklist(String installPath, String protocol, HostInventory h, Completion comp) {
-        // todo
-        comp.success();
+        throw new OperationFailureException(operr("xinfini does not support volume path isolation yet, " +
+                        "abort starting VM on host[uuid:%s, ip:%s] to prevent split-brain on volume[path:%s, protocol:%s]",
+                h.getUuid(), h.getManagementIp(), installPath, protocol));
     }
 
     @Override