Helper function bpf_get_current_task
Definition
Copyright (c) 2015 The Libbpf Authors. All rights reserved.
Get the current task.
Returns
A pointer to the current task struct.
static __u64 (* const bpf_get_current_task)(void) = (void *) 35;
Usage
This helper function returns a BPF‐safe pointer to the kernel’s task_struct (thread execution context) for the currently executing process or thread. This helper can be used to compute the on-CPU time for a process, identify kernel threads, get the current CPU's run queue, or retrieve many other pieces of information.
Program types
This helper call can be used in the following program types:
BPF_PROG_TYPE_CGROUP_DEVICEBPF_PROG_TYPE_CGROUP_SKBBPF_PROG_TYPE_CGROUP_SOCKBPF_PROG_TYPE_CGROUP_SOCKOPTBPF_PROG_TYPE_CGROUP_SOCK_ADDRBPF_PROG_TYPE_CGROUP_SYSCTLBPF_PROG_TYPE_FLOW_DISSECTORBPF_PROG_TYPE_KPROBEBPF_PROG_TYPE_LSMBPF_PROG_TYPE_LWT_INBPF_PROG_TYPE_LWT_OUTBPF_PROG_TYPE_LWT_SEG6LOCALBPF_PROG_TYPE_LWT_XMITBPF_PROG_TYPE_NETFILTERBPF_PROG_TYPE_PERF_EVENTBPF_PROG_TYPE_RAW_TRACEPOINTBPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLEBPF_PROG_TYPE_SCHED_ACTBPF_PROG_TYPE_SCHED_CLSBPF_PROG_TYPE_SK_LOOKUPBPF_PROG_TYPE_SK_MSGBPF_PROG_TYPE_SK_REUSEPORTBPF_PROG_TYPE_SK_SKBBPF_PROG_TYPE_SOCKET_FILTERBPF_PROG_TYPE_SOCK_OPSBPF_PROG_TYPE_STRUCT_OPSBPF_PROG_TYPE_SYSCALLBPF_PROG_TYPE_TRACEPOINTBPF_PROG_TYPE_TRACINGBPF_PROG_TYPE_XDP
Example
#include <vmlinux.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_core_read.h>
SEC("tp/syscalls/sys_enter_open")
int sys_open_trace(void *ctx) {
struct task_struct *task = (void *)bpf_get_current_task();
int tgid = BPF_CORE_READ(task, tgid);
bpf_printk("Hello from PID %d", tgid);
return 0;
}