57501d97e4
Plugin DLLs are now loaded in isolated wslpluginhost.exe processes instead of directly in wslservice.exe via LoadLibrary. This prevents a buggy or malicious plugin from crashing the WSL service. Architecture: - New IWslPluginHost/IWslPluginHostCallback COM interfaces (WslPluginHost.idl) for cross-process plugin lifecycle management - New wslpluginhost.exe: COM local server (REGCLS_SINGLEUSE), one per plugin, loads the plugin DLL and dispatches notifications - Refactored PluginManager: CoCreateInstance replaces LoadLibrary, PluginError returned via [out] parameter, crash recovery via IsHostCrash() detecting RPC_E_DISCONNECTED/SERVER_DIED Callback safety: - Plugin callbacks (MountFolder, ExecuteBinary) arrive on a different COM RPC thread and use std::shared_lock(m_callbackLock) instead of m_instanceLock to avoid re-entrancy deadlocks - _VmTerminate takes exclusive m_callbackLock before destroying the VM, blocking until in-flight callbacks complete - Lock ordering: m_instanceLock -> m_callbackLock (never reverse) - All writes to m_runningInstances take m_callbackLock exclusive to prevent data races with concurrent callback reads Security: - COM AppID with SYSTEM-only launch/access permissions - Plugin signature validation (ValidateFileSignature) keeps the file handle open until after LoadLibrary to prevent TOCTOU attacks - Plugin host processes use minimal access rights for handles Process lifecycle: - Plugin hosts added to a job object with KILL_ON_JOB_CLOSE for automatic cleanup if wslservice exits - g_pluginHost is process-wide (REGCLS_SINGLEUSE guarantees one plugin per process), nulled on destruction to prevent UAF - std::call_once for thread-safe initialization and job creation Packaging: - WslPluginHost.idl compiled into existing wslserviceproxystub.dll - MSI: COM class/interface registration, AppID security, proxy/stub - wslpluginhost.exe added to build/signing pipeline, WER crash dump list, LSP registration, and test validation Plugins are not loaded for WSL1-only sessions since all plugin hooks require a WSL2 VM. WslPluginApi.h is unchanged - existing plugin DLLs work unmodified.
Welcome to the Windows Subsystem for Linux (WSL) repository
Learn more about WSL | Downloads & Release notes | Contributing to WSL
About
Windows Subsystem for Linux (WSL) is a powerful way for you to run your Linux command-line tools, utilities and applications, all unmodified and directly on Windows without the overhead of a traditional virtual machine or dual boot setup.
You can install WSL right away by running this command inside of your Windows command line:
wsl --install
You can learn more about best practices for setup, overviews of WSL and more at our WSL documentation page.
Related repositories
WSL also has related open source repositories:
- microsoft/WSL2-Linux-Kernel - The Linux kernel shipped with WSL
- microsoft/WSLg - Support for Linux GUI apps in WSL
- microsoftdocs/wsl - WSL documentation at aka.ms/wsldocs
Contributing
This project welcomes contributions of all types, including coding features / bug fixes, documentation fixes, design proposals and more.
We ask that before you start working on a contribution, please read our Contributor's Guide.
For guidance on developing for WSL, please read the developer docs for instructions on how to build WSL from source and details on its architecture.
Code of Conduct
This project has adopted the Microsoft Open Source Code of Conduct
Trademarks
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft’s Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party’s policies.
Privacy and telemetry
The application logs basic diagnostic data (telemetry). For more information on privacy and what we collect, see our data and privacy documentation.
The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.