[nrf fromtree] bluetooth: host: Fix stale RPA usage after invalidation

PavelVPV · carlescufi · commit 16d748b0c1da · 2025-12-02T13:18:06.000+01:00
Add !BT_ADV_RPA_VALID check to force RPA regeneration when re-enabling
an advertising set after RPA rotation occurred while disabled.

The BT_ADV_RANDOM_ADDR_UPDATED flag was added to prevent unnecessary
address regeneration (RPA/NRPA) between bt_le_ext_adv_param_set() and
bt_le_ext_adv_start() calls. However, this revealed an issue:

When RPA rotation (le_force_rpa_timeout) occurs while an advertiser is
disabled, BT_ADV_RPA_VALID is cleared but the RPA is not regenerated.
On subsequent bt_le_ext_adv_start() without a new param_set() call:
- BT_ADV_RANDOM_ADDR_UPDATED is already cleared (from previous start)
- Without BT_PER_ADV_ENABLED, no regeneration occurs
- Stale RPA is used, violating privacy requirements

Add !BT_ADV_RPA_VALID check for both connectable and non-connectable
advertisers to ensure fresh RPA generation when the previous RPA was
invalidated while the advertiser was disabled.

Fixes regression introduced in #98117.

Signed-off-by: Pavel Vasilyev &lt;pavel.vasilyev@nordicsemi.no&gt;
(cherry picked from commit 6da559f56544aa2ed1c93071ffad203a523d432c)
diff --git a/subsys/bluetooth/host/adv.c b/subsys/bluetooth/host/adv.c
@@ -1566,13 +1566,16 @@ int bt_le_ext_adv_start(struct bt_le_ext_adv *adv,
 		if (IS_ENABLED(CONFIG_BT_PRIVACY) &&
 		    !atomic_test_bit(adv->flags, BT_ADV_USE_IDENTITY) &&
 		    (!atomic_test_and_clear_bit(adv->flags, BT_ADV_RANDOM_ADDR_UPDATED) ||
-		     atomic_test_bit(adv->flags, BT_PER_ADV_ENABLED))) {
+		     atomic_test_bit(adv->flags, BT_PER_ADV_ENABLED) ||
+		     !atomic_test_bit(adv->flags, BT_ADV_RPA_VALID))) {
 			bt_id_set_adv_private_addr(adv);
 		}
 	} else {
 		if (!atomic_test_bit(adv->flags, BT_ADV_USE_IDENTITY) &&
 		    (!atomic_test_and_clear_bit(adv->flags, BT_ADV_RANDOM_ADDR_UPDATED) ||
-		     atomic_test_bit(adv->flags, BT_PER_ADV_ENABLED))) {
+		     atomic_test_bit(adv->flags, BT_PER_ADV_ENABLED) ||
+		     (IS_ENABLED(CONFIG_BT_PRIVACY) &&
+		      !atomic_test_bit(adv->flags, BT_ADV_RPA_VALID)))) {
 			bt_id_set_adv_private_addr(adv);
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -1566,13 +1566,16 @@ int bt_le_ext_adv_start(struct bt_le_ext_adv *adv,`
`1566`	`1566`	`if (IS_ENABLED(CONFIG_BT_PRIVACY) &&`
`1567`	`1567`	`!atomic_test_bit(adv->flags, BT_ADV_USE_IDENTITY) &&`
`1568`	`1568`	`(!atomic_test_and_clear_bit(adv->flags, BT_ADV_RANDOM_ADDR_UPDATED) \|\|`
`1569`		`- atomic_test_bit(adv->flags, BT_PER_ADV_ENABLED))) {`
	`1569`	`+ atomic_test_bit(adv->flags, BT_PER_ADV_ENABLED) \|\|`
	`1570`	`+ !atomic_test_bit(adv->flags, BT_ADV_RPA_VALID))) {`
`1570`	`1571`	`bt_id_set_adv_private_addr(adv);`
`1571`	`1572`	`}`
`1572`	`1573`	`} else {`
`1573`	`1574`	`if (!atomic_test_bit(adv->flags, BT_ADV_USE_IDENTITY) &&`
`1574`	`1575`	`(!atomic_test_and_clear_bit(adv->flags, BT_ADV_RANDOM_ADDR_UPDATED) \|\|`
`1575`		`- atomic_test_bit(adv->flags, BT_PER_ADV_ENABLED))) {`
	`1576`	`+ atomic_test_bit(adv->flags, BT_PER_ADV_ENABLED) \|\|`
	`1577`	`+ (IS_ENABLED(CONFIG_BT_PRIVACY) &&`
	`1578`	`+ !atomic_test_bit(adv->flags, BT_ADV_RPA_VALID)))) {`
`1576`	`1579`	`bt_id_set_adv_private_addr(adv);`
`1577`	`1580`	`}`
`1578`	`1581`	`}`