User Tasks  <-> Mach Message <-> Kernel Services

Task <-> Msg <-> Port <-> Msg <-> Kernel
  • send: Ordered
  • send-once: unordered

Table of Contents


  • header (fixed-size) destination, size(header+body)
  • body (variable-sized) containing kernel and user data
    • contains descriptors of additional port rights to transmitted
    • descriptors of ‘out-of-line’ memory regions to be sent and a variable amount of user data
  • trailer (variable-sized) kernel appended message attributes

Mach Ports

lsmp list mach ports

  • kernel maintained message queue
  • multiple sender, single receiver

Port Rights

In userspace, mach port names name rights a process has over a particular message queue.

  • send right: enqueue an unlimited number of messages to a particular message queue
  • send-once right: enqueue a single message
  • receive right: dequeue an unlimited number of messages
  • portset right: dequeue an unlimited number of messages from multiple message queues
  • dead-name right: do nothing (no longer has a receiver)

for kernel owned ports for the kernel MIG apis, the messages never get queued, there’s a fast path which turns them into synchronous syscalls (ipc_kobject_server)


  • Port rights can be transferred between tasks via messages
  • Tasks can receive messages from ports and port sets
  • Tasks manipulate port sets with a port set name
  • A port may not belong to more than one port set
  • If a port is a member of a port set, the holder of the receive right cannot receive directly from the port
  • Port rights are a secure, location-independent way of naming ports
  • Port rights do not carry any location information
  • Each task has its own space of port rights.
  • Port rights are named with unsigned integers.
  • sizeof(mach_port_t) = sizeof(mach_port_name_t) = sizeof(void*)

Three basic rights

  1. receive rights
  2. send rights
  3. send-once rights
  • A port name can name any of these types of rights, or name a port-set, be a dead name, or name nothing.
  • Dead names act as place-holders to prevent a name from being otherwise used.
  • A port is destroyed, or dies, when its receive right is de-allocated.