Ad

Chrome Native Client Process Model

This is probably a fairly basic question but none of the technical documents on Chrome Native Client and Chromium I've reviewed so far seem to address it in a direct manner:

When Chrome encounters an <embed> element with application/x-pnal type inside a html page, does it load the Native Client module in the same process space as the Tab hosting the current page? Then, after the NaCl module is created and running, for example, inside a HandleMessage(const pp:Var&) method, is the code running in a separate thread from the thread executing the in-page javascript?

Ad

Answer

Native Client always runs in a separate process from Chrome, it's part of the sandbox's design that the entire address space must be under NaCl's control. Each architecture has a different sandbox implementation, for example on ARM NaCl reserved the bottom 1GiB of the address space to untrusted code (with a guard page towards 0 and the syscall trampolines right after) and the top 3GiB for the trusted code base. x86-32 instead uses segmentation to enforce the address space restrictions, and x86-64 could be in process (there's enough address space for it since it only give 4GiB to untrusted code) but still uses its own process because things like signal handling and syscall filtering are much saner to secure with the existing NaCl design.

You may be further interested in how syscalls work.

Ad
source: stackoverflow.com
Ad