Glossary
kmsg (ipc_kmsg)
The kernel-side representation of a Mach message while it's in flight. Owns the port references, the inline payload, and any out-of-line VM copies.
An ipc_kmsg is the kernel-side structure that represents a Mach message between the moment a sender calls mach_msg(MSG_SEND, …) and the moment a receiver returns from mach_msg(MSG_RCV, …).
It is not the userspace mach_msg_header_t — it's a richer structure that holds:
- The full message header, copied in from userspace.
- The inline payload, copied in.
- A processed array of port descriptors — userspace passes per-task port names; the kmsg stores actual
ipc_port_tpointers with reference counts taken. - A processed array of out-of-line descriptors — userspace passes virtual-address+size; the kmsg stores VM copy objects.
- Linkage pointers to thread the kmsg onto the destination port's queue.
- The sender's voucher, QoS, and audit token.
apple-oss-distributions/xnuosfmk/ipc/ipc_kmsg.hThe ipc_kmsg structure.View on GitHub(line —) apple-oss-distributions/xnuosfmk/ipc/ipc_kmsg.ccopyin / copyout / send / destroy — the full lifecycle.View on GitHub(line —)
The kmsg owns its memory. When the receiver dequeues and reads, the kmsg is freed; on failure paths the kmsg is destroyed, which releases every port reference and unmaps every VM copy.
See also: Mach message, ipc_mqueue, Mach IPC internals.