Writing a plain text file to disk from kernel space

Tue May 15 04:35:44 UTC 2007

Hi all,

I'm in the process of writing a kernel module to instrument some parts 
of the network stack in FreeBSD 6.2. Everything works perfectly, except 
that writing the logging info to syslog using printf is too inefficient 
for this particular task. Given that log messages need to be generated 
for each packet entering/leaving the network stack, my testing thus far 
has showed that syslog groans under the load and uses far too much CPU time.

So, I'm looking for a way to manually open up a file from within kernel 
space and dump characters into it.

I've come across the following threads that are related to my problem:

http://lists.freebsd.org/pipermail/freebsd-hackers/2007-May/020330.html

http://lists.freebsd.org/pipermail/freebsd-fs/2005-September/001306.html

Neither thread has provided the "ah-ha" information/discovery I'm 
needing to get this working, and so I'd be very grateful to anyone that 
can shed some light on how to piece this together in the most efficient 
way possible.

To summarise the things I've experimented with thus far:

1. Following the "open" syscall down into kernel land and investigating 
how the underlying kernel functions work. The "kern_open" function in 
"kern/vfs_syscalls.c" seems interesting.

However, all of interesting functions that I've found take a thread 
struct pointer as the first argument. I have not been able to figure out 
where to get a thread struct pointer from. So perhaps if someone can 
shed light on how to go about creating a thread struct suitable for 
passing to these functions, I may be able to figure it out. I've tried 
creating a new kthread using kthread_create, and got this working, but 
this still didn't give me access to a thread struct pointer. I've also 
tried accessing the thread queue for process 0 but didn't have any luck 
there either (though I could have been accessing it incorrectly!).

2. Following the kernel panic code where it writes a dump out to disk. 
This uses very scary low level structs and functions that I couldn't 
wrap my head around... appeared to be below the vfs layer in the kernel, 
so I suspect its to far below where I want to be at.

3. I followed the ktrace code, but that seemed to lead to a dead end of 
passing logging data up to userspace via the ddb subsystem, which is not 
what I want to do.

4. I followed coredump code, and this looked very interesting. It 
operates directly on vnodes, but once again, the elusive thread struct 
pointer is needed.

The "kern/vfs_*" files seem to contain the functions relating to all the 
action of creating/writing/reading files (vnodes)... is there a good 
document/tutorial somewhere that describes the layering and various 
abstractions in the FreeBSD kernel fileystem related code? TCP 
Illustrated has been invaluable in describing the layout and structure 
of the various network stack components/functions/structs in the kernel. 
Something similar for filesystem related tasks would be most useful.

I suspect that once I understand the mechanics of where thread struct 
pointers come from and how to get my hands one one from within the 
kernel, I'll be able to get the rest going.

Many thanks for your time and help.

Regards,
Lawrence Stewart