Glossary
Zone allocator (zalloc)
XNU's per-type slab allocator. Each zone holds elements of one fixed size; allocation is a free-list pop. Foundation of nearly every kernel data structure.
The zone allocator is XNU's per-type slab allocator. Each zone owns a list of pages it has allocated from the VM, carves them into fixed-size elements, and maintains a free-list. Allocation pops the head; free pushes back on. O(1) on the hot path.
apple-oss-distributions/xnuosfmk/kern/zalloc.cThe zone allocator — XNU's foundational kernel allocator.View on GitHub(line —)A subsystem that allocates many objects of the same type creates a dedicated zone:
ipc_object_zones[IOT_PORT] = zone_create("ipc ports", sizeof(struct ipc_port), …);
Then uses zalloc(zone) / zfree(zone, ptr).
Benefits:
- No fragmentation — every element is exactly N bytes.
- Locality — elements of the same type cluster on the same pages.
- UAF detection — Guard mode delays reuse of freed elements.
- Per-zone telemetry —
zprint(1)shows every zone's current size, count, and ceiling.
zprint is the go-to tool for diagnosing kernel memory bloat — a leaking subsystem shows up as its zone's count climbing.
See also: kalloc, and the kernel allocators article.