Plugin DLLs are now loaded in isolated wslpluginhost.exe processes
instead of directly in wslservice.exe via LoadLibrary. This prevents
a buggy or malicious plugin from crashing the WSL service.
Architecture:
- New IWslPluginHost/IWslPluginHostCallback COM interfaces
(WslPluginHost.idl) for cross-process plugin lifecycle management
- New wslpluginhost.exe: COM local server (REGCLS_SINGLEUSE), one
per plugin, loads the plugin DLL and dispatches notifications
- Refactored PluginManager: CoCreateInstance replaces LoadLibrary,
PluginError returned via [out] parameter, crash recovery via
IsHostCrash() detecting RPC_E_DISCONNECTED/SERVER_DIED
Callback safety:
- Plugin callbacks (MountFolder, ExecuteBinary) arrive on a different
COM RPC thread and use std::shared_lock(m_callbackLock) instead of
m_instanceLock to avoid re-entrancy deadlocks
- _VmTerminate takes exclusive m_callbackLock before destroying the
VM, blocking until in-flight callbacks complete
- Lock ordering: m_instanceLock -> m_callbackLock (never reverse)
- All writes to m_runningInstances take m_callbackLock exclusive to
prevent data races with concurrent callback reads
Security:
- COM AppID with SYSTEM-only launch/access permissions
- Plugin signature validation (ValidateFileSignature) keeps the file
handle open until after LoadLibrary to prevent TOCTOU attacks
- Plugin host processes use minimal access rights for handles
Process lifecycle:
- Plugin hosts added to a job object with KILL_ON_JOB_CLOSE for
automatic cleanup if wslservice exits
- g_pluginHost is process-wide (REGCLS_SINGLEUSE guarantees one
plugin per process), nulled on destruction to prevent UAF
- std::call_once for thread-safe initialization and job creation
Packaging:
- WslPluginHost.idl compiled into existing wslserviceproxystub.dll
- MSI: COM class/interface registration, AppID security, proxy/stub
- wslpluginhost.exe added to build/signing pipeline, WER crash dump
list, LSP registration, and test validation
Plugins are not loaded for WSL1-only sessions since all plugin hooks
require a WSL2 VM. WslPluginApi.h is unchanged - existing plugin DLLs
work unmodified.
Cherry-pick WSL1/WSL2 test changes from 9c4dba91 (feature/wsl-for-apps).
Replace runtime WSL1_TEST_ONLY()/WSL2_TEST_ONLY() skip macros with
WSL1_TEST_METHOD()/WSL2_TEST_METHOD() TAEF metadata macros. This moves
version filtering to the test runner level via /select: queries, so
inapplicable tests are excluded entirely instead of appearing as skipped.
Updated files:
- test/windows/Common.h: New macros + removed old skip macros
- test/windows/*.cpp: Converted all test methods
- tools/test/run-tests.ps1: Auto-add /select: when no user filter
- cloudtest/TestGroup.xml.in: Add version filter to TAEF args
- test/README.md: Document new macros
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Mask console-getty.service to prevent multi-distro failures (#13595)
When multiple WSL distros run concurrently, /dev/tty devices are shared
at the VM level. The second distro's console-getty.service fails because
the tty is already held by the first, causing systemd to report failed
units and triggering user@UID.service failures.
Mask console-getty.service during WSL systemd unit generation, similar
to the existing masking of networkd-wait-online. This service provides
no value in WSL since users don't connect to the underlying tty.
Fixes#13595
* format source
* pr feedback
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* Update Microsoft.WSL.DeviceHost to version 1.1.48-0 (#14575)
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* Re-enable WSLG during testing.
This reverts commit bf759a092b.
* add back config change (will work with new default, but makes test explicit)
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* Revert "test: enable virtiofs tests and enable WSLG during testing (#14387)"
* enable wslg for SystemdNoClearTmpUnit test
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* test: Add arm64 test distro support
* update unit test baseline
* more test baseline updates
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* detach terminal before running mount -a
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* use _exit on error before execv in child process to avoid unintentional resource release
* Add regression test
* Fix clang format issue
* fix all clang format issue
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* resolve ai comments
* move test to unit test
* Fix string literal
* Overwrite fstab to resolve pipeline missing file issue
---------
Co-authored-by: Feng Wang <wangfen@microsoft.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Refactor: trim unnecessary DLL deps from COMMON_LINK_LIBRARIES
- Split MSI/Wintrust install functions from wslutil.cpp into install.cpp
- Remove MI.lib, wsldeps.lib, msi.lib, Wintrust.lib, computecore.lib,
computenetwork.lib, Iphlpapi.lib from COMMON_LINK_LIBRARIES
- Add per-target MSI_LINK_LIBRARIES, HCS_LINK_LIBRARIES, SERVICE_LINK_LIBRARIES
- Delay-load msi.dll and WINTRUST.dll for wsl.exe and wslg.exe
- Result: wslhost, wslrelay, wslcsdk, testplugin lose msi/wintrust startup imports;
wsl.exe and wslg.exe defer msi/wintrust loading until actually needed;
wslservice is the only target that imports computecore/computenetwork/Iphlpapi
* minor fixes to install.cpp that were caught during PR
* move to wsl::windows::common::install namespace
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
- Allow VirtioProxy to keep EnableDnsTunneling=true in config, but clear
socket-specific options (BestEffortDnsParsing, DnsTunnelingIpAddress)
- Suppress dedicated DNS tunneling hvsocket for VirtioProxy; tunneling
is handled through the VirtioNetworking device host instead
- Set DnsTunneling flag on VirtioNetworkingFlags so the device host
knows to tunnel DNS
- Expand SWIOTLB kernel cmdline to cover VirtioFs and VirtioProxy
- Bump DeviceHost package to 1.1.39-0
- Add VirtioProxy DNS test coverage for tunneling on/off
- Skip GuestPortIsReleasedV6 on Windows 10
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* Initial work
* .
* pr feedback and add unit test
* minor tweaks an fix use after free in logging statement
* implement PR feedback
* hopefully final pr feedback
* pr feedback in test function
* Address PR feedback: add try/catch to TrackPort and PortZeroBind queue push
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* VirtioProxy: Add IPv6 address, gateway, and route support
- Add PreferredIpv6Address field and GetBestGatewayV6* methods to NetworkSettings
- Extend GetHostEndpointSettings() to discover IPv6 unicast address and gateway
- Add UpdateIpv6Address() using ModifyGuestEndpointSettingRequest<IPAddress>
- Push IPv6 default route to guest via UpdateDefaultRoute(AF_INET6)
- Remove AF_INET6 early return in ModifyOpenPorts, use INETADDR_PORT()
- Add EndpointRoute::DefaultRoute() static factory
- Pass client_ip_ipv6 in devicehost options (not yet parsed by devicehost)
- Remove gateway_ip from devicehost options (only needed for DHCP)
- Include IPv6 DNS servers in non-tunneling DNS settings
- Add ConfigurationV6 and DnsResolutionAAAA tests
* cleanup and add more ipv6 tests
* added test coverage and minor updates
* clang format
* pr feedback
* format source
* pr feedback
* test fixes
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* Ship initrd.img in MSI using build-time generation via tar.exe
Replace the install-time CreateInitrd/RemoveInitrd custom actions with a
build-time step that generates initrd.img using the Windows built-in
tar.exe (libarchive/bsdtar) and ships it directly in the MSI.
The install-time approach had a race condition: wsl.exe could launch
before the CreateInitrd custom action completed, causing
ERROR_FILE_NOT_FOUND for initrd.img.
Changes:
- Add CMake custom command to generate initrd.img via tar.exe --format=newc
- Add initrd.img as a regular file in the MSI tools component
- Remove CreateInitrd/RemoveInitrd custom actions from WiX, DllMain,
and wslinstall.def
- Remove CreateCpioInitrd helper and its tests (no longer needed)
- Update pipeline build targets to build initramfs instead of init
* pr feedback
* more pr feedback
* switch to using a powershell script instead of tar.exe
* powershell script feedback
* hopefully final pr feedback
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* Mask NetworkManager-wait-online.service during boot
Fixes#13772. Similar to PR #13611, this masks NetworkManager-wait-online.service to prevent 60-second timeouts during boot since WSL interfaces are unmanaged by NetworkManager. Also added the service to the discouraged units list in validate-modern.py and added a unit test.
* Addressed Copilot feedback
* Fix
* Move from shipping the initrd to generating during package install.
* pr feedback
* working
* adjust custom action conditions
* update initrd test to cover more cases
* Update msipackage/package.wix.in
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* use stack buffer
* move initrd helper to filesystem.cpp and add unit test
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* DNS: Simplify dns logic and switch to using 'search' instead of 'domain'
which is obsolete.
* add optional header for natnetworking
* format
* extend configuration test for virtioproxy networking mode
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* virtiofs: add support for mounting directories (not just full volumes)
* disable virtiofs tests for now
* spelling
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* TEST: Add testcases to validated bridged networking connectivity
* minor bridged test updates
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* test: extend coverage of virtioproxy networking mode
* test: add dns test variations to all networking classes
* remove bridged dns variations
* pr feedback
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* Resolve issue with config file writing sections outside of their expected header.
* add more writewslconfig variations
* formatting
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* Clean up localhost relay implementation to not rely on procfs parsing.
* pr feedback
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* virtiofs: fix an issue where if the VM is launched by an elevated user, non-elevated shells will have elevated virtiofs access.
* rename keelAlive -> keepAlive
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* test: add simple virtio proxy networking tests
* move mirrored tests to their own class
* fix failing mirrored variation
* use different port for HostUdpBindDoesNotPreventGuestTcpBind
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* build: fix minor compiler errors when building with VS2026
* s
* use VS2022 for clang format and cross compiling
---------
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* Introduce a new wsl.conf config value to allow distributions to opt-in to cgroupv1 mounts
* Add test coverage
* Fix tmpfs on wsl1
---------
Co-authored-by: Ben Hillis <benhillis@gmail.com>
* fix: correct sparse VHD command to include `true`
* Revert all localization strings to f8c26f7c3 except en-US/Resources.resw
* fix: run validate-localization.py with --fix option
* Introduce a new kernel command line argument to collect hvsocket event logs during boot
* Cleanup diff
* unset env
* Add test coverage
* Fix format
* Remove prefix
* Configure defender process exceptions when running tests
* Use explicit %ls
* Save state
* Save state
* Add exceptions before the package is installed
* Remove extra call
