merge master -> feature/wsl-for-apps#14465
Open
benhillis wants to merge 16 commits intofeature/wsl-for-appsfrom
Open
merge master -> feature/wsl-for-apps#14465benhillis wants to merge 16 commits intofeature/wsl-for-appsfrom
benhillis wants to merge 16 commits intofeature/wsl-for-appsfrom
Conversation
* test: enable virtiofs tests and enable WSLG during testing * test fix --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Addresses Dependabot alerts #10 and #11. The Microsoft.NETCore.App.Runtime packages (win-x64 and win-arm64) at version 10.0.0 are vulnerable to a denial of service via out-of-bounds read when decoding malformed Base64Url input (CVSS 7.5 High). Bumped to 10.0.4 which includes the fix. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
Co-authored-by: WSL notice <noreply@microsoft.com>
…ipt (#14424) * Ship initrd.img in MSI using build-time generation via tar.exe Replace the install-time CreateInitrd/RemoveInitrd custom actions with a build-time step that generates initrd.img using the Windows built-in tar.exe (libarchive/bsdtar) and ships it directly in the MSI. The install-time approach had a race condition: wsl.exe could launch before the CreateInitrd custom action completed, causing ERROR_FILE_NOT_FOUND for initrd.img. Changes: - Add CMake custom command to generate initrd.img via tar.exe --format=newc - Add initrd.img as a regular file in the MSI tools component - Remove CreateInitrd/RemoveInitrd custom actions from WiX, DllMain, and wslinstall.def - Remove CreateCpioInitrd helper and its tests (no longer needed) - Update pipeline build targets to build initramfs instead of init * pr feedback * more pr feedback * switch to using a powershell script instead of tar.exe * powershell script feedback * hopefully final pr feedback --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
…uire a call to the service (#14380) * virtiofs: update logic so querying virtiofs mount source does not require a call to the service * more pr feedback * use std::filesystem::read_symlink * pr feedback and use canonical path in virtiofs symlink * make sure canonical path is always used --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* VirtioProxy: Add IPv6 address, gateway, and route support - Add PreferredIpv6Address field and GetBestGatewayV6* methods to NetworkSettings - Extend GetHostEndpointSettings() to discover IPv6 unicast address and gateway - Add UpdateIpv6Address() using ModifyGuestEndpointSettingRequest<IPAddress> - Push IPv6 default route to guest via UpdateDefaultRoute(AF_INET6) - Remove AF_INET6 early return in ModifyOpenPorts, use INETADDR_PORT() - Add EndpointRoute::DefaultRoute() static factory - Pass client_ip_ipv6 in devicehost options (not yet parsed by devicehost) - Remove gateway_ip from devicehost options (only needed for DHCP) - Include IPv6 DNS servers in non-tunneling DNS settings - Add ConfigurationV6 and DnsResolutionAAAA tests * cleanup and add more ipv6 tests * added test coverage and minor updates * clang format * pr feedback * format source * pr feedback * test fixes --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* Initial work * . * pr feedback and add unit test * minor tweaks an fix use after free in logging statement * implement PR feedback * hopefully final pr feedback * pr feedback in test function * Address PR feedback: add try/catch to TrackPort and PortZeroBind queue push --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
There were instructions already on how to install tcpdump in WSL, but iptables are also needed for the log collection to be complete, so this PR adds instructions on how to also install iptables. Co-authored-by: Andre Muezerie <andremue@linux.microsoft.com>
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* Move all supported Ubuntu images to the new format We backported the build pipeline so all current LTSes come out in the new tar-based format * Remove the appx based distros All WSL users can run tar-based distros by now, right? There is no benefit in maintaining both formats.
OneBlue
approved these changes
Mar 17, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Merges master into feature/wsl-for-apps, bringing in upstream updates across WSL networking (virtio proxy IPv6 + port tracking), virtiofs share handling, and packaging (initrd shipping), along with associated test and metadata updates.
Changes:
- Add IPv6 support to virtio proxy networking and extend port tracking to handle guest binds to port
0. - Improve virtiofs share responses and guest-side tag→source resolution via persisted mappings.
- Switch back to generating
initrd.imgat build time and shipping it in the MSI; update tests and distribution/package metadata accordingly.
Reviewed changes
Copilot reviewed 30 out of 30 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| tools/create-initrd.ps1 | New script to generate a minimal newc CPIO initramfs containing init. |
| src/linux/init/CMakeLists.txt | Adds initramfs target to generate initrd.img during build. |
| msipackage/package.wix.in | Ships initrd.img in the MSI tools component; removes installer custom actions. |
| msipackage/CMakeLists.txt | Includes initrd.img as a packaged Linux artifact; depends on initramfs. |
| .pipelines/build-stage.yml | Adds initramfs to the build targets. |
| src/windows/wslinstall/wslinstall.def | Removes CreateInitrd / RemoveInitrd exports. |
| src/windows/wslinstall/DllMain.cpp | Removes initrd create/remove MSI custom actions implementation. |
| src/windows/common/filesystem.hpp | Removes CreateCpioInitrd declaration. |
| src/windows/common/filesystem.cpp | Removes CreateCpioInitrd implementation. |
| test/windows/SimpleTests.cpp | Removes unit test for CreateCpioInitrd (function removed). |
| test/windows/InstallerTests.cpp | Removes installer lifecycle test that assumed initrd generated at install time. |
| test/windows/Common.cpp | Changes test config default to enable guiApplications by default. |
| test/windows/UnitTests.cpp | Reworks config toggling to reuse a single WslConfigChange across scopes. |
| test/windows/DrvFsTests.cpp | Enables VirtioFs DrvFs test class. |
| src/windows/service/exe/WslCoreVm.h | Changes AddVirtioFsShare to return (tag, source) pair. |
| src/windows/service/exe/WslCoreVm.cpp | Adds virtiofs response SourceOffset and removes query message path. |
| src/shared/inc/lxinitshared.h | Updates virtiofs response message schema and removes query message type/struct. |
| src/linux/init/drvfs.cpp | Persists virtiofs tag→source mapping and resolves mount source via symlink. |
| src/windows/common/WslCoreNetworkingSupport.h | Requests gateways in adapter enumeration. |
| src/windows/common/WslCoreNetworkEndpointSettings.h | Adds IPv6 preferred address + v6 gateway route handling in settings. |
| src/windows/common/WslCoreNetworkEndpointSettings.cpp | Populates IPv6 address/gateway and parameterizes gateway MAC lookup by family. |
| src/windows/common/VirtioNetworking.h | Adds Ipv6 flag; splits IPv4/IPv6 address update paths; MTU optional. |
| src/windows/common/VirtioNetworking.cpp | Implements IPv6 enablement, IPv6 address notifications, port open handling for v6. |
| src/linux/init/GnsPortTracker.h | Adds deferred port-0 bind resolution queueing and tracking structures. |
| src/linux/init/GnsPortTracker.cpp | Implements asynchronous port-0 bind resolution via pidfd duplication + getsockname retry. |
| test/windows/NetworkTests.cpp | Adds port-0 tracking tests, IPv6 route wait helper, and virtio proxy IPv6 coverage. |
| packages.config | Updates .NET runtime packages to 10.0.4; bumps Microsoft.WSL.DeviceHost. |
| distributions/DistributionInfo.json | Adds Ubuntu 20.04/22.04 WSL URLs; updates AlmaLinux URLs/hashes; removes some store entries. |
| NOTICE.txt | Removes NOTICE headings/blocks for the .NET runtime packages. |
| CONTRIBUTING.md | Updates networking log collection prerequisites to include iptables. |
Comments suppressed due to low confidence (1)
NOTICE.txt:642
- This change removes the NOTICE section headers for the Microsoft.NETCore.App.Runtime.win-* packages, but packages.config still references these runtime packages. NOTICE.txt appears to no longer mention them at all, which breaks the per-dependency attribution pattern used throughout the file and may be a licensing/compliance issue. Please restore/update the NOTICE entry for the runtime packages (including the new 10.0.4 versions).
---------------------------------------------------------
---------------------------------------------------------
You can also share your feedback on Copilot code review. Take the survey.
- Allow VirtioProxy to keep EnableDnsTunneling=true in config, but clear socket-specific options (BestEffortDnsParsing, DnsTunnelingIpAddress) - Suppress dedicated DNS tunneling hvsocket for VirtioProxy; tunneling is handled through the VirtioNetworking device host instead - Set DnsTunneling flag on VirtioNetworkingFlags so the device host knows to tunnel DNS - Expand SWIOTLB kernel cmdline to cover VirtioFs and VirtioProxy - Bump DeviceHost package to 1.1.39-0 - Add VirtioProxy DNS test coverage for tunneling on/off - Skip GuestPortIsReleasedV6 on Windows 10 Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Merges master into feature/wsl-for-apps, bringing updated networking capabilities (IPv6 + port-0 tracking), virtiofs share mapping improvements, and packaging changes to ship a prebuilt initrd.img.
Changes:
- Add IPv6 support and expanded DNS behavior in virtio proxy and associated Windows tests.
- Add guest port-0 bind tracking (async resolution) in the Linux port tracker plus related test coverage.
- Switch initrd generation to build-time (PowerShell + CMake) and ship
initrd.imgin the MSI; remove installer-time initrd custom actions.
Reviewed changes
Copilot reviewed 31 out of 31 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/create-initrd.ps1 | New script to generate a minimal cpio newc initramfs from init. |
| test/windows/UnitTests.cpp | Reuses a single WslConfigChange instance via Update() for GUI apps toggling. |
| test/windows/SimpleTests.cpp | Removes CPIO initrd unit test (CreateCpioInitrd). |
| test/windows/NetworkTests.cpp | Adds IPv6 dig validation, port-0 bind tests, IPv6 default-route waiting, and adapter/DNS helper changes. |
| test/windows/InstallerTests.cpp | Removes initrd lifecycle test (no longer generated at install-time). |
| test/windows/DrvFsTests.cpp | Enables the VirtioFs test class. |
| test/windows/Common.cpp | Makes guiApplications default to true in generated test configs. |
| src/windows/wslinstall/wslinstall.def | Stops exporting initrd custom actions. |
| src/windows/wslinstall/DllMain.cpp | Removes Create/Remove initrd MSI custom actions. |
| src/windows/service/exe/WslCoreVm.h | Changes AddVirtioFsShare to return {tag, source} pair. |
| src/windows/service/exe/WslCoreVm.cpp | Adds virtio IPv6 flag usage and returns virtiofs source path in responses. |
| src/windows/common/filesystem.hpp | Removes CreateCpioInitrd declaration. |
| src/windows/common/filesystem.cpp | Removes CreateCpioInitrd implementation. |
| src/windows/common/WslCoreNetworkingSupport.h | Includes gateways in adapter address enumeration. |
| src/windows/common/WslCoreNetworkEndpointSettings.h | Adds IPv6 preferred address/gateway fields and default-route helper. |
| src/windows/common/WslCoreNetworkEndpointSettings.cpp | Populates IPv6 preferred address and default route info; updates gateway MAC lookup API. |
| src/windows/common/WslCoreConfig.cpp | Adjusts dns-tunneling validation rules for VirtioProxy mode. |
| src/windows/common/VirtioNetworking.h | Adds IPv6 flag + IPv4/IPv6 address tracking and optional MTU update path. |
| src/windows/common/VirtioNetworking.cpp | Implements IPv6-aware configuration and port notifications; refactors updates (route/DNS/MTU/IP). |
| src/shared/inc/lxinitshared.h | Removes VirtioFs query message; adds SourceOffset to share response. |
| src/linux/init/drvfs.cpp | Persists virtiofs {tag -> source} mapping via symlink; query reads symlink instead of RPC. |
| src/linux/init/GnsPortTracker.h | Adds deferred port-0 bind resolution structures + queues. |
| src/linux/init/GnsPortTracker.cpp | Implements async port-0 resolution via pidfd_getfd + getsockname polling; tracks resolved ports. |
| src/linux/init/CMakeLists.txt | Adds initramfs custom target generating initrd.img via PowerShell. |
| packages.config | Bumps .NET runtime packages to 10.0.4; updates DeviceHost version. |
| msipackage/package.wix.in | Ships initrd.img in the MSI; removes Create/Remove initrd custom actions. |
| msipackage/CMakeLists.txt | Adds initrd.img as a packaged Linux binary; depends on initramfs. |
| distributions/DistributionInfo.json | Adds direct Ubuntu .wsl downloads for 20.04/22.04; updates AlmaLinux entries; removes Ubuntu store entries. |
| NOTICE.txt | Removes notice blocks for .NET runtime 10.0.0 entries. |
| CONTRIBUTING.md | Updates networking log collection prerequisites (iptables + tcpdump). |
| .pipelines/build-stage.yml | Adds initramfs build target to pipeline stage. |
Comments suppressed due to low confidence (1)
NOTICE.txt:1
- The NOTICE entries for
Microsoft.NETCore.App.Runtime.win-* 10.0.0were removed, butpackages.configupdates those dependencies to10.0.4. If NOTICE is intended to enumerate shipped third-party components, it should be updated to reflect the new runtime versions rather than dropping the runtime notice blocks entirely.
NOTICES AND INFORMATION
You can also share your feedback on Copilot code review. Take the survey.
Comment on lines
+56
to
+63
| set(INITRAMFS ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/${CMAKE_BUILD_TYPE}/initrd.img) | ||
| set(INIT ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/${CMAKE_BUILD_TYPE}/init) | ||
| add_custom_command( | ||
| OUTPUT ${INITRAMFS} "${CMAKE_CURRENT_BINARY_DIR}/CmakeFiles/initramfs" | ||
| DEPENDS init ${INIT} | ||
| COMMAND powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -File "${CMAKE_SOURCE_DIR}/tools/create-initrd.ps1" "${INIT}" "${INITRAMFS}" | ||
| COMMAND ${CMAKE_COMMAND} -E touch "${CMAKE_CURRENT_BINARY_DIR}/CmakeFiles/initramfs" | ||
| VERBATIM) |
| default: | ||
| - target: "wsl;libwsl;wslg;wslservice;wslhost;wslrelay;wslinstaller;wslinstall;wslserviceproxystub;wslsettings;wslinstallerproxystub;testplugin;wslaservice;wslasession;wslaserviceproxystub;wslc;wsltests" | ||
| - target: "wsl;libwsl;wslg;wslservice;wslhost;wslrelay;wslinstaller;wslinstall;initramfs;wslserviceproxystub;wslsettings;wslinstallerproxystub;testplugin;wslaservice;wslasession;wslaserviceproxystub;wslc;wsltests" | ||
| pattern: "wsl.exe,libwsl.dll,wslg.exe,wslservice.exe,wslhost.exe,wslrelay.exe,wslinstaller.exe,wslinstall.dll,wslserviceproxystub.dll,wslsettings/wslsettings.dll,wslsettings/wslsettings.exe,wslinstallerproxystub.dll,wsldevicehost.dll,WSLDVCPlugin.dll,testplugin.dll,wsldeps.dll,wslaservice.exe,wslasession.exe,wslaserviceproxystub.dll,wslc.exe" |
Comment on lines
+275
to
292
| void VirtioNetworking::SendDefaultRoute(const std::wstring& gateway, hns::ModifyRequestType requestType) | ||
| { | ||
| if (gateway.empty()) | ||
| if (gateway.empty() || !m_adapterId.has_value()) | ||
| { | ||
| return; | ||
| } | ||
|
|
||
| wsl::shared::hns::Route route; | ||
| route.NextHop = gateway; | ||
| route.DestinationPrefix = (family == AF_INET) ? LX_INIT_DEFAULT_ROUTE_PREFIX : LX_INIT_DEFAULT_ROUTE_V6_PREFIX; | ||
| route.Family = family; | ||
| route.DestinationPrefix = LX_INIT_DEFAULT_ROUTE_PREFIX; | ||
| route.Family = AF_INET; | ||
|
|
||
| hns::ModifyGuestEndpointSettingRequest<hns::Route> request; | ||
| request.RequestType = hns::ModifyRequestType::Add; | ||
| request.RequestType = requestType; | ||
| request.ResourceType = hns::GuestEndpointResourceType::Route; | ||
| request.Settings = route; | ||
| m_gnsChannel.SendHnsNotification(ToJsonW(request).c_str(), m_adapterId.value()); | ||
| } |
| SOCKADDR_IN addr{}; | ||
| addr.sin_family = AF_INET; | ||
| addr.sin_port = htons(assignedPort); | ||
| THROW_HR_IF(E_FAIL, bind(sock.get(), reinterpret_cast<SOCKADDR*>(&addr), sizeof(addr)) != SOCKET_ERROR); |
Comment on lines
+3479
to
3492
| static std::vector<BYTE> GetAdapterAddresses(ADDRESS_FAMILY family) | ||
| { | ||
| ULONG result; | ||
| constexpr ULONG flags = | ||
| (GAA_FLAG_SKIP_FRIENDLY_NAME | GAA_FLAG_SKIP_ANYCAST | GAA_FLAG_SKIP_MULTICAST | GAA_FLAG_SKIP_DNS_SERVER | GAA_FLAG_INCLUDE_GATEWAYS); | ||
| ULONG bufferSize = 0; | ||
| std::unique_ptr<IP_ADAPTER_ADDRESSES> buffer; | ||
|
|
||
| while ((result = GetAdaptersAddresses(family, flags, nullptr, buffer.get(), &bufferSize)) == ERROR_BUFFER_OVERFLOW) | ||
| std::vector<BYTE> buffer; | ||
| ULONG result = GetAdaptersAddresses(family, flags, nullptr, nullptr, &bufferSize); | ||
| while (result == ERROR_BUFFER_OVERFLOW) | ||
| { | ||
| buffer.reset(static_cast<IP_ADAPTER_ADDRESSES*>(malloc(bufferSize))); | ||
| VERIFY_IS_NOT_NULL(buffer.get()); | ||
| buffer.resize(bufferSize); | ||
| result = GetAdaptersAddresses(family, flags, nullptr, reinterpret_cast<PIP_ADAPTER_ADDRESSES>(buffer.data()), &bufferSize); | ||
| } | ||
|
|
||
| VERIFY_WIN32_SUCCEEDED(result); |
Comment on lines
+110
to
+116
| // Synthesize a gateway from the first host address in the subnet. | ||
| SOCKADDR_INET gatewayAddr{}; | ||
| gatewayAddr.si_family = AF_INET; | ||
| const uint32_t hostAddr = ntohl(address.Address.Ipv4.sin_addr.s_addr); | ||
| const uint32_t mask = (address.PrefixLength == 0) ? 0u : ~((1u << (32u - address.PrefixLength)) - 1u); | ||
| gatewayAddr.Ipv4.sin_addr.s_addr = htonl((hostAddr & mask) | 1u); | ||
| route = EndpointRoute::DefaultRoute(AF_INET, gatewayAddr); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This change merges the master branch into the feature/wsl-for-apps branch.
Biggest updates here are: