[nrf fromtree] Bluetooth: Host: Fix handling of adv reports when scanning for connection

In some cases, the host starts scanning internally for establishing
connections (BT_LE_SCAN_USER_CONN), such as host-based resolving or
auto-connection. In this situation, even if the application does not
start explicit scan, the host still needs to handle the advertising
reports to continue the connection process.

Previously, both bt_hci_le_adv_report() and bt_hci_le_adv_ext_report()
will break or discard all reports when explicit scan is not active.
This causes the connection to stay in SCAN_BEFORE_INITIATING and never
move forward.

This patch adds checking of BT_LE_SCAN_USER_CONN to allow advertising
reports to be processed during connection-purpose scanning. When the
scan is started explicitly by application, the behavior remains the
same, only small comments are updated to describe this behavior and keep
the original code style unchanged.

Signed-off-by: Zhijie Zhong <[email protected]>
(cherry picked from commit 87e351f)
Signed-off-by: Pavel Vasilyev <[email protected]>

Author: zhongzhijie1

subsys/bluetooth/host/scan.c

@@ -632,13 +632,14 @@ static void le_adv_recv(bt_addr_le_t *addr, struct bt_le_scan_recv_info *info,
 	struct bt_le_scan_cb *listener, *next;
 	struct net_buf_simple_state state;
 	bt_addr_le_t id_addr;
+	bool explicit_scan = atomic_test_bit(scan_state.scan_flags, BT_LE_SCAN_USER_EXPLICIT_SCAN);
+	bool conn_scan     = atomic_test_bit(scan_state.scan_flags, BT_LE_SCAN_USER_CONN);
 
 	LOG_DBG("%s event %u, len %u, rssi %d dBm", bt_addr_le_str(addr), info->adv_type, len,
 		info->rssi);
 
 	if (!IS_ENABLED(CONFIG_BT_PRIVACY) && !IS_ENABLED(CONFIG_BT_SCAN_WITH_IDENTITY) &&
-	    atomic_test_bit(scan_state.scan_flags, BT_LE_SCAN_USER_EXPLICIT_SCAN) &&
-	    (info->adv_props & BT_HCI_LE_ADV_PROP_DIRECT)) {
+	    explicit_scan && (info->adv_props & BT_HCI_LE_ADV_PROP_DIRECT)) {
 		LOG_DBG("Dropped direct adv report");
 		return;
 	}
@@ -652,6 +653,13 @@ static void le_adv_recv(bt_addr_le_t *addr, struct bt_le_scan_recv_info *info,
 				bt_lookup_id_addr(BT_ID_DEFAULT, addr));
 	}
 
+	/* For connection-purpose scanning,
+	 * skip app callbacks but allow pending-conn check logic.
+	 */
+	if (!explicit_scan && conn_scan) {
+		goto check_pending_conn;
+	}
+
 	if (scan_dev_found_cb) {
 		net_buf_simple_save(buf, &state);
 
@@ -677,6 +685,7 @@ static void le_adv_recv(bt_addr_le_t *addr, struct bt_le_scan_recv_info *info,
 	/* Clear pointer to this stack frame before returning to calling function */
 	info->addr = NULL;
 
+check_pending_conn:
 #if defined(CONFIG_BT_CENTRAL)
 	check_pending_conn(&id_addr, addr, info->adv_props);
 #endif /* CONFIG_BT_CENTRAL */
@@ -805,6 +814,8 @@ static void create_ext_adv_info(struct bt_hci_evt_le_ext_advertising_info const
 void bt_hci_le_adv_ext_report(struct net_buf *buf)
 {
 	uint8_t num_reports = net_buf_pull_u8(buf);
+	bool explicit_scan = atomic_test_bit(scan_state.scan_flags, BT_LE_SCAN_USER_EXPLICIT_SCAN);
+	bool conn_scan     = atomic_test_bit(scan_state.scan_flags, BT_LE_SCAN_USER_CONN);
 
 	LOG_DBG("Adv number of reports %u", num_reports);
 
@@ -817,19 +828,23 @@ void bt_hci_le_adv_ext_report(struct net_buf *buf)
 		bool more_to_come;
 		bool is_new_advertiser;
 
-		if (!atomic_test_bit(scan_state.scan_flags, BT_LE_SCAN_USER_EXPLICIT_SCAN)) {
+		if (!explicit_scan) {
 			/* The application has not requested explicit scan, so it is not expecting
 			 * advertising reports. Discard, and reset the reassembler if not inactive
 			 * This is done in the loop as this flag can change between each iteration,
 			 * and it is not uncommon that scanning is disabled in the callback called
-			 * from le_adv_recv
+			 * from le_adv_recv.
+			 *
+			 * However, if scanning is running for connection purposes,
+			 * the report shall still be processed to allow pending connections.
 			 */
-
 			if (reassembling_advertiser.state != FRAG_ADV_INACTIVE) {
 				reset_reassembling_advertiser();
 			}
 
-			break;
+			if (!conn_scan) {
+				break;
+			}
 		}
 
 		if (buf->len < sizeof(*evt)) {
@@ -1669,18 +1684,23 @@ void bt_hci_le_adv_report(struct net_buf *buf)
 {
 	uint8_t num_reports = net_buf_pull_u8(buf);
 	struct bt_hci_evt_le_advertising_info *evt;
+	bool explicit_scan = atomic_test_bit(scan_state.scan_flags, BT_LE_SCAN_USER_EXPLICIT_SCAN);
+	bool conn_scan     = atomic_test_bit(scan_state.scan_flags, BT_LE_SCAN_USER_CONN);
 
 	LOG_DBG("Adv number of reports %u",  num_reports);
 
 	while (num_reports--) {
 		struct bt_le_scan_recv_info adv_info;
 
-		if (!atomic_test_bit(scan_state.scan_flags, BT_LE_SCAN_USER_EXPLICIT_SCAN)) {
+		if (!explicit_scan && !conn_scan) {
 			/* The application has not requested explicit scan, so it is not expecting
 			 * advertising reports. Discard.
 			 * This is done in the loop as this flag can change between each iteration,
 			 * and it is not uncommon that scanning is disabled in the callback called
-			 * from le_adv_recv
+			 * from le_adv_recv.
+			 *
+			 * However, if scanning is running for connection purposes,
+			 * the report shall still be processed to allow pending connections.
 			 */
 
 			break;