
Getting experience with kernel module writing

A project log for Ransomware safe server: SMB (Samba) and FTP server

A SMB (Samba) and FTP server which is safe against ransomware attacks from the client

Elbert • 08/21/2023 at 21:42 • 1 Comment

You would think that the functions fopen, fprintf and fclose have counterpart functions in the kernel module. Looking for those functions showed that this is not the case. The kernel is already doing that, and the kernel module is at a lower level. I could not find good documentation, so I put debugging messages in the different functions to see which functions I could put my code in.

Also a surprise for me: in kernel modules you have to use a different, and limited, set of functions. With printk, one can see the output with dmesg.

It looked like no functions were actually called, but the kernel module was reading and writing just fine. It turned out you should be very careful with the EXPORT_SYMBOL macro. I did not change all the function names properly in all the files, and that is why my kernel module just jumped to the FAT kernel functions halfway. You do not get any compiler warnings or runtime errors, since this will work fine. Maybe next time I should use an IDE instead of gedit, but maybe that will be even slower on an RPi Zero… After correcting this, I can see which functions are called. When you write from a pipe, fat_write_begin is called. When you, e.g., edit a file, fat_write_pages is called.
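One way to catch the incomplete rename described above before loading the module, as an added example that is not code from this project: it compares the names the original driver exports with the identifiers still present in the renamed copy. The two-directory layout, the `rsfat_` prefix and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. The rsfat_ prefix and the sample files are constructed,
# not taken from the project or from the real fs/fat sources.
exported_symbols() {   # $1 = source dir; prints names exported via EXPORT_SYMBOL[_GPL]
    grep -rhoE 'EXPORT_SYMBOL(_GPL)?\([A-Za-z0-9_]+\)' "$1" |
        sed -E 's/^[^(]*\(([^)]*)\)$/\1/' | sort -u
}

# $1 = original driver dir, $2 = renamed copy. Prints identifiers in the copy
# that are still names exported by the original; each one needs review, because
# an unrenamed reference can bind to the in-kernel function without any warning.
leftover_symbols() {
    list=$(mktemp) || return 2
    exported_symbols "$1" > "$list"
    grep -rhoE '[A-Za-z_][A-Za-z0-9_]*' "$2" | sort -u | grep -Fxf "$list" || true
    rm -f "$list"
}

# Build a constructed pair of trees: the copy has one missed rename in namei.c.
make_sample() {   # $1 = scratch dir
    mkdir -p "$1/orig" "$1/copy"
    cat > "$1/orig/inode.c" <<'EOF'
int fat_fill_super(void) { return 0; }
EXPORT_SYMBOL_GPL(fat_fill_super);
struct inode *fat_build_inode(void) { return 0; }
EXPORT_SYMBOL_GPL(fat_build_inode);
EOF
    cat > "$1/copy/inode.c" <<'EOF'
int rsfat_fill_super(void) { return 0; }
EXPORT_SYMBOL_GPL(rsfat_fill_super);
struct inode *rsfat_build_inode(void) { return 0; }
EXPORT_SYMBOL_GPL(rsfat_build_inode);
EOF
    cat > "$1/copy/namei.c" <<'EOF'
extern struct inode *fat_build_inode(void);   /* missed rename */
static int rsfat_create(void) { return fat_build_inode() != 0; }
EOF
}

scratch=$(mktemp -d)
make_sample "$scratch"
leftover_symbols "$scratch/orig" "$scratch/copy"
rm -rf "$scratch"
```

After building, `nm -u` on the resulting .ko gives the same view from the linker's side: any undefined symbol that still carries the old prefix will be resolved against the kernel when the module loads.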

Discussions

Russell Jennings wrote 04/26/2024 at 11:32

It's wild how different kernel module development is compared to regular user-level programming. Debugging with printk sounds like quite the adventure. And yeah, those sneaky macros can really trip you up if you're not careful. Can't imagine the relief you felt after fixing that EXPORT_SYMBOL mishap.