Objectives
Produce a framework that will assist in tracing the control flow of read/write operations in the Linux kernel using kernel markers
General Project Objective
Objective: Develop a better understanding of the Linux filesystem
Status: Success
Summary: Before starting this I did not know where all the read/write operations were located. Now I’m fairly comfortable with the layout of the “/fs/” and “/mm/” directories, and many of the calls within them. In addition, I became much more comfortable reading kernel code, making changes to system files, recompiling the kernel and troubleshooting.
Objective: Develop a framework that will assist in tracing the control flow of read/write operations
Status: Partial Success
Summary: PirateAcorn works well, seems to be stable, is extendable, and has a low overhead. The main downside is that, when getting further down into the filesystem, if the PID of the calling process is not passed, the manager (PirateAcorn) will not be able to distinguish whether a marker should be logged or not. I still haven’t come up with a very good solution to this problem.
Objective: Trace the read/write operations through the Linux Kernel:
Status: Very Incomplete
Summary: Quite simply, after writing the framework, figuring out/testing/modifying kernel markers, and doing general research, there wasn’t much time to get very deep into the kernel. There were several branches, but for example, the default read is traced as the following:
sys_read()
vfs_read()
do_sync_read()
generic_file_aio_read()
do_generic_file_read()
And is left off when it starts to do
page_cache_sync_readahead()
which can be found in “/mm/readahead.c”
There is still a lot of opportunity to go deeper into the kernel tracing read and write operations. For a full list of all the functions with markers added to them, please consult pirateAcorn.c in the source code. All the functions are listed in the probe array declarations. Additionally, there is a link on the main page to a picture labeled “Registering Probes” which shows where in the code those probes are declared and thus which functions are being monitored. As of this writing, there are currently 18 markers associated with read operations and 6 markers associated with write operations.
Finally, to get a general idea of the process I took adding markers into the code, check out this site’s journal page. That specific example documents my efforts to try and find the control flow for reads performed by the program “metacity”.
Specific Objectives