selftests: fib_nexthops: test stale has_v4 on nexthop replace

Add test cases that exercise the scenario where an IPv6 nexthop is
replaced with an IPv4 nexthop while being part of a group. The group's
has_v4 flag must be updated so that subsequent IPv6 route additions are
properly rejected.

Two cases are covered:
  1. Gateway nexthop replaced across families with an existing IPv6
     route on the group (rejected by fib6_check_nh_list).
  2. Blackhole nexthop replaced across families with no existing IPv6
     route on the group (fib6_check_nh_list returns early) — this is
     the path that triggers a NULL ptr deref without the kernel fix.

Signed-off-by: Jiayuan Chen <jiayuan.chen@linux.dev>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20260413114522.147784-2-jiayuan.chen@linux.dev
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

diff --git a/tools/testing/selftests/net/fib_nexthops.sh b/tools/testing/selftests/net/fib_nexthops.sh
index 6eb7f95e70e153a0fc7ad65111ce4810c0147b4a..ac868a7316946aa690bef597fd366acfa3a88061 100755 (executable)
--- a/tools/testing/selftests/net/fib_nexthops.sh
+++ b/tools/testing/selftests/net/fib_nexthops.sh
@@ -1209,6 +1209,28 @@ ipv6_fcnal_runtime()
        run_cmd "$IP ro replace 2001:db8:101::1/128 nhid 124"
        log_test $? 0 "IPv6 route using a group after replacing v4 gateways"
 
+       # Replacing an IPv6 nexthop with an IPv4 nexthop should update has_v4
+       # for all groups using it, preventing IPv6 routes from referencing the
+       # group after the replace.
+       run_cmd "$IP nexthop add id 89 via 2001:db8:91::2 dev veth1"
+       run_cmd "$IP nexthop add id 125 group 89"
+       run_cmd "$IP nexthop replace id 89 via 172.16.1.1 dev veth1"
+       run_cmd "$IP ro replace 2001:db8:101::1/128 nhid 125"
+       log_test $? 2 "IPv6 route can not use group after v6 nexthop replaced by v4"
+
+       # Same scenario but with a blackhole nexthop: the group has no IPv6
+       # routes yet when the replace happens, so fib6_check_nh_list returns
+       # early without checking. has_v4 must still be updated to block
+       # subsequent IPv6 route additions.
+       run_cmd "$IP nexthop flush >/dev/null 2>&1"
+       run_cmd "$IP -6 nexthop add id 90 blackhole"
+       run_cmd "$IP nexthop add id 125 group 90"
+       run_cmd "$IP nexthop replace id 90 blackhole"
+       run_cmd "$IP -6 ro add 2001:db8:101::1/128 nhid 125"
+       log_test $? 2 "IPv6 route reject v6 blackhole replaced by v4 blackhole"
+       run_cmd "ip netns exec $me ping -6 2001:db8:101::1 -c1 -w$PING_TIMEOUT"
+       log_test $? 2 "Ping unreachable after rejected route"
+
        $IP nexthop flush >/dev/null 2>&1
 
        #