github.com/inspektor-gadget/inspektor-gadget@v0.28.1/pkg/gadgets/top/ebpf/piditer/bpf/pid_iter.bpf.c

github.com/inspektor-gadget/inspektor-gadget@v0.28.1/pkg/gadgets/top/ebpf/piditer/bpf/pid_iter.bpf.c (about)

     1  // SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
     2  /* Copyright (c) 2020 Facebook, (c) 2022 The Inspektor Gadget authors */
     3  #include <vmlinux.h>
     4  #include <bpf/bpf_helpers.h>
     5  #include <bpf/bpf_core_read.h>
     6  #include <bpf/bpf_tracing.h>
     7  #include "pid_iter.h"
     8  
     9  const volatile __u64 bpf_prog_fops_addr = 0;
    10  
    11  struct pid_iter_entry *unused __attribute__((unused));
    12  
    13  SEC("iter/task_file")
    14  int ig_top_ebpf_it(struct bpf_iter__task_file *ctx)
    15  {
    16  	struct file *file = ctx->file;
    17  	struct task_struct *task = ctx->task;
    18  	struct pid_iter_entry e;
    19  
    20  	if (!file || !task)
    21  		return 0;
    22  
    23  	// We need to have an address of bpf_prog_fops to run
    24  	// TODO: Currently cilium/ebpf doesn't support .ksyms, this is why we get the info from userspace right now
    25  	if (bpf_prog_fops_addr == 0 ||
    26  	    (__u64)(file->f_op) != bpf_prog_fops_addr)
    27  		return 0;
    28  
    29  	__builtin_memset(&e, 0, sizeof(e));
    30  	e.pid = task->tgid;
    31  	e.id = BPF_CORE_READ((struct bpf_prog *)(file->private_data), aux, id);
    32  
    33  	bpf_probe_read_kernel_str(&e.comm, sizeof(e.comm),
    34  				  task->group_leader->comm);
    35  	bpf_seq_write(ctx->meta->seq, &e, sizeof(e));
    36  
    37  	return 0;
    38  }
    39  
    40  char LICENSE[] SEC("license") = "Dual BSD/GPL";