The BPF helper function bpf_get_current_task returns a pointer to the current task's task_struct. How can I use this in a BPF program to retrieve the current task's session ID?
Asked
Active
Viewed 512 times
0
-
Reading the definition of `struct task_struct` in file `include/linux/sched.h` from the kernel tree, I see there is a `sessionid` attribute. Is this what you are looking for? I don't know tracing program well, but if so, you can maybe read it with `bpf_probe_read()` from the `task_struct` you get? – Qeole Feb 19 '18 at 12:58
-
@Qeole I looked through the implementation of the `getsid` syscall for inspiration, which follows the `group_leader` pointer of `task_struct` (similar to here https://stackoverflow.com/questions/48777124/always-get-0-session-id-in-bpf-program?noredirect=1) but I am having issues with the `group_leader` pointer being null so I was wondering if there is particular way of doing this in a BPF program - perhaps the session ID is only available when a kernel function is called from user space (i.e. a syscall), rather than it being called by the kernel itself – dippynark Feb 19 '18 at 14:10
-
Ok. Sorry, I don't know. If you don't get an answer here, another channel for help could be [the iovisor-dev mailing list](https://lists.iovisor.org/mailman/listinfo/iovisor-dev). – Qeole Feb 19 '18 at 19:16
-
@Qeole niiice, thanks for that, awaiting subscription confirmation :) – dippynark Feb 19 '18 at 23:13