From b4c73817794743577f43f5417d0d06f6153518f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A5vard=20Reierstad?= <haavard.reierstad@nordicsemi.no>
Date: Wed, 6 Nov 2024 12:34:15 +0100
Subject: [PATCH] Bluetooth: Host: Ensure only connected peers affect
 `_bt_gatt_ccc.value`
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The doc on `_bt_gatt_ccc.value` specifies that only connected peers
contribute to that value. But before this change, it was computed from
all entries in `_bt_gatt_ccc.cfg`, which include bonded but not
connected peers when `CONFIG_BT_SETTINGS_CCC_LAZY_LOADING` is set.

Co-authored-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
Signed-off-by: Håvard Reierstad <haavard.reierstad@nordicsemi.no>
---
 subsys/bluetooth/host/gatt.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/subsys/bluetooth/host/gatt.c b/subsys/bluetooth/host/gatt.c
index 33d8bc8b60bbf1..118af2097afe08 100644
--- a/subsys/bluetooth/host/gatt.c
+++ b/subsys/bluetooth/host/gatt.c
@@ -2195,8 +2195,17 @@ static void gatt_ccc_changed(const struct bt_gatt_attr *attr,
 	uint16_t value = 0x0000;
 
 	for (i = 0; i < ARRAY_SIZE(ccc->cfg); i++) {
-		if (ccc->cfg[i].value > value) {
-			value = ccc->cfg[i].value;
+		/* `ccc->value` shall be a summary of connected peers' CCC values, but
+		 * `ccc->cfg` can contain entries for bonded but not connected peers.
+		 */
+		struct bt_conn *conn = bt_conn_lookup_addr_le(ccc->cfg[i].id, &ccc->cfg[i].peer);
+
+		if (conn) {
+			if (ccc->cfg[i].value > value) {
+				value = ccc->cfg[i].value;
+			}
+
+			bt_conn_unref(conn);
 		}
 	}