merge master -> feature/wsl-for-apps#14465
Merged
benhillis merged 21 commits intofeature/wsl-for-appsfrom Mar 20, 2026
Merged
Conversation
* test: enable virtiofs tests and enable WSLG during testing * test fix --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Addresses Dependabot alerts #10 and #11. The Microsoft.NETCore.App.Runtime packages (win-x64 and win-arm64) at version 10.0.0 are vulnerable to a denial of service via out-of-bounds read when decoding malformed Base64Url input (CVSS 7.5 High). Bumped to 10.0.4 which includes the fix. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
Co-authored-by: WSL notice <noreply@microsoft.com>
…ipt (#14424) * Ship initrd.img in MSI using build-time generation via tar.exe Replace the install-time CreateInitrd/RemoveInitrd custom actions with a build-time step that generates initrd.img using the Windows built-in tar.exe (libarchive/bsdtar) and ships it directly in the MSI. The install-time approach had a race condition: wsl.exe could launch before the CreateInitrd custom action completed, causing ERROR_FILE_NOT_FOUND for initrd.img. Changes: - Add CMake custom command to generate initrd.img via tar.exe --format=newc - Add initrd.img as a regular file in the MSI tools component - Remove CreateInitrd/RemoveInitrd custom actions from WiX, DllMain, and wslinstall.def - Remove CreateCpioInitrd helper and its tests (no longer needed) - Update pipeline build targets to build initramfs instead of init * pr feedback * more pr feedback * switch to using a powershell script instead of tar.exe * powershell script feedback * hopefully final pr feedback --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
…uire a call to the service (#14380) * virtiofs: update logic so querying virtiofs mount source does not require a call to the service * more pr feedback * use std::filesystem::read_symlink * pr feedback and use canonical path in virtiofs symlink * make sure canonical path is always used --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* VirtioProxy: Add IPv6 address, gateway, and route support - Add PreferredIpv6Address field and GetBestGatewayV6* methods to NetworkSettings - Extend GetHostEndpointSettings() to discover IPv6 unicast address and gateway - Add UpdateIpv6Address() using ModifyGuestEndpointSettingRequest<IPAddress> - Push IPv6 default route to guest via UpdateDefaultRoute(AF_INET6) - Remove AF_INET6 early return in ModifyOpenPorts, use INETADDR_PORT() - Add EndpointRoute::DefaultRoute() static factory - Pass client_ip_ipv6 in devicehost options (not yet parsed by devicehost) - Remove gateway_ip from devicehost options (only needed for DHCP) - Include IPv6 DNS servers in non-tunneling DNS settings - Add ConfigurationV6 and DnsResolutionAAAA tests * cleanup and add more ipv6 tests * added test coverage and minor updates * clang format * pr feedback * format source * pr feedback * test fixes --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* Initial work * . * pr feedback and add unit test * minor tweaks an fix use after free in logging statement * implement PR feedback * hopefully final pr feedback * pr feedback in test function * Address PR feedback: add try/catch to TrackPort and PortZeroBind queue push --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
There were instructions already on how to install tcpdump in WSL, but iptables are also needed for the log collection to be complete, so this PR adds instructions on how to also install iptables. Co-authored-by: Andre Muezerie <andremue@linux.microsoft.com>
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
* Move all supported Ubuntu images to the new format We backported the build pipeline so all current LTSes come out in the new tar-based format * Remove the appx based distros All WSL users can run tar-based distros by now, right? There is no benefit in maintaining both formats.
OneBlue
approved these changes
Mar 17, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Merges master into feature/wsl-for-apps, bringing in upstream updates across WSL networking (virtio proxy IPv6 + port tracking), virtiofs share handling, and packaging (initrd shipping), along with associated test and metadata updates.
Changes:
- Add IPv6 support to virtio proxy networking and extend port tracking to handle guest binds to port
0. - Improve virtiofs share responses and guest-side tag→source resolution via persisted mappings.
- Switch back to generating
initrd.imgat build time and shipping it in the MSI; update tests and distribution/package metadata accordingly.
Reviewed changes
Copilot reviewed 30 out of 30 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| tools/create-initrd.ps1 | New script to generate a minimal newc CPIO initramfs containing init. |
| src/linux/init/CMakeLists.txt | Adds initramfs target to generate initrd.img during build. |
| msipackage/package.wix.in | Ships initrd.img in the MSI tools component; removes installer custom actions. |
| msipackage/CMakeLists.txt | Includes initrd.img as a packaged Linux artifact; depends on initramfs. |
| .pipelines/build-stage.yml | Adds initramfs to the build targets. |
| src/windows/wslinstall/wslinstall.def | Removes CreateInitrd / RemoveInitrd exports. |
| src/windows/wslinstall/DllMain.cpp | Removes initrd create/remove MSI custom actions implementation. |
| src/windows/common/filesystem.hpp | Removes CreateCpioInitrd declaration. |
| src/windows/common/filesystem.cpp | Removes CreateCpioInitrd implementation. |
| test/windows/SimpleTests.cpp | Removes unit test for CreateCpioInitrd (function removed). |
| test/windows/InstallerTests.cpp | Removes installer lifecycle test that assumed initrd generated at install time. |
| test/windows/Common.cpp | Changes test config default to enable guiApplications by default. |
| test/windows/UnitTests.cpp | Reworks config toggling to reuse a single WslConfigChange across scopes. |
| test/windows/DrvFsTests.cpp | Enables VirtioFs DrvFs test class. |
| src/windows/service/exe/WslCoreVm.h | Changes AddVirtioFsShare to return (tag, source) pair. |
| src/windows/service/exe/WslCoreVm.cpp | Adds virtiofs response SourceOffset and removes query message path. |
| src/shared/inc/lxinitshared.h | Updates virtiofs response message schema and removes query message type/struct. |
| src/linux/init/drvfs.cpp | Persists virtiofs tag→source mapping and resolves mount source via symlink. |
| src/windows/common/WslCoreNetworkingSupport.h | Requests gateways in adapter enumeration. |
| src/windows/common/WslCoreNetworkEndpointSettings.h | Adds IPv6 preferred address + v6 gateway route handling in settings. |
| src/windows/common/WslCoreNetworkEndpointSettings.cpp | Populates IPv6 address/gateway and parameterizes gateway MAC lookup by family. |
| src/windows/common/VirtioNetworking.h | Adds Ipv6 flag; splits IPv4/IPv6 address update paths; MTU optional. |
| src/windows/common/VirtioNetworking.cpp | Implements IPv6 enablement, IPv6 address notifications, port open handling for v6. |
| src/linux/init/GnsPortTracker.h | Adds deferred port-0 bind resolution queueing and tracking structures. |
| src/linux/init/GnsPortTracker.cpp | Implements asynchronous port-0 bind resolution via pidfd duplication + getsockname retry. |
| test/windows/NetworkTests.cpp | Adds port-0 tracking tests, IPv6 route wait helper, and virtio proxy IPv6 coverage. |
| packages.config | Updates .NET runtime packages to 10.0.4; bumps Microsoft.WSL.DeviceHost. |
| distributions/DistributionInfo.json | Adds Ubuntu 20.04/22.04 WSL URLs; updates AlmaLinux URLs/hashes; removes some store entries. |
| NOTICE.txt | Removes NOTICE headings/blocks for the .NET runtime packages. |
| CONTRIBUTING.md | Updates networking log collection prerequisites to include iptables. |
Comments suppressed due to low confidence (1)
NOTICE.txt:642
- This change removes the NOTICE section headers for the Microsoft.NETCore.App.Runtime.win-* packages, but packages.config still references these runtime packages. NOTICE.txt appears to no longer mention them at all, which breaks the per-dependency attribution pattern used throughout the file and may be a licensing/compliance issue. Please restore/update the NOTICE entry for the runtime packages (including the new 10.0.4 versions).
---------------------------------------------------------
---------------------------------------------------------
You can also share your feedback on Copilot code review. Take the survey.
- Allow VirtioProxy to keep EnableDnsTunneling=true in config, but clear socket-specific options (BestEffortDnsParsing, DnsTunnelingIpAddress) - Suppress dedicated DNS tunneling hvsocket for VirtioProxy; tunneling is handled through the VirtioNetworking device host instead - Set DnsTunneling flag on VirtioNetworkingFlags so the device host knows to tunnel DNS - Expand SWIOTLB kernel cmdline to cover VirtioFs and VirtioProxy - Bump DeviceHost package to 1.1.39-0 - Add VirtioProxy DNS test coverage for tunneling on/off - Skip GuestPortIsReleasedV6 on Windows 10 Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Merges master into feature/wsl-for-apps, bringing updated networking capabilities (IPv6 + port-0 tracking), virtiofs share mapping improvements, and packaging changes to ship a prebuilt initrd.img.
Changes:
- Add IPv6 support and expanded DNS behavior in virtio proxy and associated Windows tests.
- Add guest port-0 bind tracking (async resolution) in the Linux port tracker plus related test coverage.
- Switch initrd generation to build-time (PowerShell + CMake) and ship
initrd.imgin the MSI; remove installer-time initrd custom actions.
Reviewed changes
Copilot reviewed 31 out of 31 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/create-initrd.ps1 | New script to generate a minimal cpio newc initramfs from init. |
| test/windows/UnitTests.cpp | Reuses a single WslConfigChange instance via Update() for GUI apps toggling. |
| test/windows/SimpleTests.cpp | Removes CPIO initrd unit test (CreateCpioInitrd). |
| test/windows/NetworkTests.cpp | Adds IPv6 dig validation, port-0 bind tests, IPv6 default-route waiting, and adapter/DNS helper changes. |
| test/windows/InstallerTests.cpp | Removes initrd lifecycle test (no longer generated at install-time). |
| test/windows/DrvFsTests.cpp | Enables the VirtioFs test class. |
| test/windows/Common.cpp | Makes guiApplications default to true in generated test configs. |
| src/windows/wslinstall/wslinstall.def | Stops exporting initrd custom actions. |
| src/windows/wslinstall/DllMain.cpp | Removes Create/Remove initrd MSI custom actions. |
| src/windows/service/exe/WslCoreVm.h | Changes AddVirtioFsShare to return {tag, source} pair. |
| src/windows/service/exe/WslCoreVm.cpp | Adds virtio IPv6 flag usage and returns virtiofs source path in responses. |
| src/windows/common/filesystem.hpp | Removes CreateCpioInitrd declaration. |
| src/windows/common/filesystem.cpp | Removes CreateCpioInitrd implementation. |
| src/windows/common/WslCoreNetworkingSupport.h | Includes gateways in adapter address enumeration. |
| src/windows/common/WslCoreNetworkEndpointSettings.h | Adds IPv6 preferred address/gateway fields and default-route helper. |
| src/windows/common/WslCoreNetworkEndpointSettings.cpp | Populates IPv6 preferred address and default route info; updates gateway MAC lookup API. |
| src/windows/common/WslCoreConfig.cpp | Adjusts dns-tunneling validation rules for VirtioProxy mode. |
| src/windows/common/VirtioNetworking.h | Adds IPv6 flag + IPv4/IPv6 address tracking and optional MTU update path. |
| src/windows/common/VirtioNetworking.cpp | Implements IPv6-aware configuration and port notifications; refactors updates (route/DNS/MTU/IP). |
| src/shared/inc/lxinitshared.h | Removes VirtioFs query message; adds SourceOffset to share response. |
| src/linux/init/drvfs.cpp | Persists virtiofs {tag -> source} mapping via symlink; query reads symlink instead of RPC. |
| src/linux/init/GnsPortTracker.h | Adds deferred port-0 bind resolution structures + queues. |
| src/linux/init/GnsPortTracker.cpp | Implements async port-0 resolution via pidfd_getfd + getsockname polling; tracks resolved ports. |
| src/linux/init/CMakeLists.txt | Adds initramfs custom target generating initrd.img via PowerShell. |
| packages.config | Bumps .NET runtime packages to 10.0.4; updates DeviceHost version. |
| msipackage/package.wix.in | Ships initrd.img in the MSI; removes Create/Remove initrd custom actions. |
| msipackage/CMakeLists.txt | Adds initrd.img as a packaged Linux binary; depends on initramfs. |
| distributions/DistributionInfo.json | Adds direct Ubuntu .wsl downloads for 20.04/22.04; updates AlmaLinux entries; removes Ubuntu store entries. |
| NOTICE.txt | Removes notice blocks for .NET runtime 10.0.0 entries. |
| CONTRIBUTING.md | Updates networking log collection prerequisites (iptables + tcpdump). |
| .pipelines/build-stage.yml | Adds initramfs build target to pipeline stage. |
Comments suppressed due to low confidence (1)
NOTICE.txt:1
- The NOTICE entries for
Microsoft.NETCore.App.Runtime.win-* 10.0.0were removed, butpackages.configupdates those dependencies to10.0.4. If NOTICE is intended to enumerate shipped third-party components, it should be updated to reflect the new runtime versions rather than dropping the runtime notice blocks entirely.
NOTICES AND INFORMATION
You can also share your feedback on Copilot code review. Take the survey.
* Refactor: trim unnecessary DLL deps from COMMON_LINK_LIBRARIES - Split MSI/Wintrust install functions from wslutil.cpp into install.cpp - Remove MI.lib, wsldeps.lib, msi.lib, Wintrust.lib, computecore.lib, computenetwork.lib, Iphlpapi.lib from COMMON_LINK_LIBRARIES - Add per-target MSI_LINK_LIBRARIES, HCS_LINK_LIBRARIES, SERVICE_LINK_LIBRARIES - Delay-load msi.dll and WINTRUST.dll for wsl.exe and wslg.exe - Result: wslhost, wslrelay, wslcsdk, testplugin lose msi/wintrust startup imports; wsl.exe and wslg.exe defer msi/wintrust loading until actually needed; wslservice is the only target that imports computecore/computenetwork/Iphlpapi * minor fixes to install.cpp that were caught during PR * move to wsl::windows::common::install namespace --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Merges master into feature/wsl-for-apps, bringing networking (virtio proxy IPv6 + port-0 bind tracking), virtiofs mapping updates, and shifting initrd generation back to being shipped as a build artifact rather than generated at install time.
Changes:
- Add IPv6 support and new tests for virtio proxy (including DNS + routing readiness) and implement port-zero bind tracking/resolution.
- Refactor MSI/Wintrust-related helpers out of
wslutilintoinstall.{h,cpp}and update link targets accordingly (including delayed loading). - Switch initrd creation to build-time (
create-initrd.ps1+initramfstarget) and shipinitrd.imgin the MSI; remove installer custom actions and related tests.
Reviewed changes
Copilot reviewed 51 out of 51 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/create-initrd.ps1 | New PS script to generate initrd CPIO archive |
| test/windows/UnitTests.cpp | Uses new install helpers + adjusts GUI config switching |
| test/windows/SimpleTests.cpp | Removes CPIO initrd unit test |
| test/windows/NetworkTests.cpp | Adds IPv6 + port-0 bind tracking tests and helpers |
| test/windows/InstallerTests.cpp | Removes initrd lifecycle MSI test |
| test/windows/DrvFsTests.cpp | Re-enables VirtioFs test class |
| test/windows/Common.cpp | Sets guiApplications default to true in test config |
| test/windows/CMakeLists.txt | Adds MSI/HCS/service link libraries for tests |
| src/windows/wslinstaller/exe/WslInstaller.cpp | Switches MSI upgrade/log calls to install helpers |
| src/windows/wslinstaller/exe/CMakeLists.txt | Links MSI libs for installer EXE |
| src/windows/wslinstall/wslinstall.def | Removes exported initrd custom actions |
| src/windows/wslinstall/DllMain.cpp | Removes initrd custom actions; imports install helpers |
| src/windows/wslinstall/CMakeLists.txt | Links via ${MSI_LINK_LIBRARIES} instead of Msi.lib |
| src/windows/wslg/CMakeLists.txt | Adds MSI libs + delay-loads MSI/Wintrust |
| src/windows/wsl/CMakeLists.txt | Adds MSI libs + delay-loads MSI/Wintrust |
| src/windows/service/exe/WslCoreVm.h | Changes virtiofs share API to return tag+source |
| src/windows/service/exe/WslCoreVm.cpp | Virtio proxy IPv6 flags, DNS tunneling behavior, virtiofs response source |
| src/windows/service/exe/PluginManager.cpp | Uses install::ValidateFileSignature |
| src/windows/service/exe/HcsVirtualMachine.cpp | Moves IsDisableVgpuSettingsSupported under hcs |
| src/windows/service/exe/CMakeLists.txt | Adds MSI/HCS/service link libraries |
| src/windows/common/wslutil.h | Removes MSI/Wintrust helper declarations |
| src/windows/common/wslutil.cpp | Removes MSI/Wintrust helper implementations |
| src/windows/common/install.h | New header for MSI/Wintrust helper declarations |
| src/windows/common/install.cpp | New implementation file for MSI/Wintrust helper logic |
| src/windows/common/helpers.hpp | Removes IsDisableVgpuSettingsSupported declaration |
| src/windows/common/helpers.cpp | Removes IsDisableVgpuSettingsSupported implementation |
| src/windows/common/hcs.hpp | Adds IsDisableVgpuSettingsSupported declaration |
| src/windows/common/hcs.cpp | Implements IsDisableVgpuSettingsSupported |
| src/windows/common/filesystem.hpp | Removes CreateCpioInitrd declaration |
| src/windows/common/filesystem.cpp | Removes CreateCpioInitrd implementation |
| src/windows/common/WslCoreNetworkingSupport.h | Includes gateways in adapter enumeration |
| src/windows/common/WslCoreNetworkEndpointSettings.h | Adds IPv6 preferred address + v6 gateway support |
| src/windows/common/WslCoreNetworkEndpointSettings.cpp | Populates IPv6 preferred address and v6 route |
| src/windows/common/WslCoreConfig.cpp | Allows dns tunneling config with VirtioProxy (with constraints) |
| src/windows/common/WslClient.cpp | Switches update/uninstall/MSIX forwarding to install helpers |
| src/windows/common/VirtioNetworking.h | Adds IPv6 flag + tracked IPv4/IPv6 state and API changes |
| src/windows/common/VirtioNetworking.cpp | Implements IPv6 address/DNS changes + port tracking tweaks |
| src/windows/common/CMakeLists.txt | Adds install.cpp to common sources |
| src/shared/inc/lxinitshared.h | Removes virtiofs query msg; adds SourceOffset in response |
| src/linux/init/drvfs.cpp | Stores virtiofs tag->source mapping via symlinks |
| src/linux/init/GnsPortTracker.h | Adds deferred port-0 resolution structures/queues |
| src/linux/init/GnsPortTracker.cpp | Implements deferred port-0 resolution via pidfd_getfd + getsockname |
| src/linux/init/CMakeLists.txt | Adds initramfs target producing initrd.img at build time |
| packages.config | Bumps .NET runtime packages to 10.0.4 |
| msipackage/package.wix.in | Ships initrd.img in MSI and removes initrd custom actions |
| msipackage/CMakeLists.txt | Adds initrd.img as packaged Linux binary; depends on initramfs |
| distributions/DistributionInfo.json | Adds Ubuntu 20.04/22.04 downloads; updates AlmaLinux URLs |
| NOTICE.txt | Removes .NET runtime notice blocks |
| CONTRIBUTING.md | Updates networking log collection prerequisites |
| CMakeLists.txt | Splits MSI/HCS/service link library groups |
| .pipelines/build-stage.yml | Adds initramfs to build targets list |
Comments suppressed due to low confidence (1)
tools/create-initrd.ps1:1
- The prior initrd generator (and removed tests) enforced padding the archive to a 512-byte boundary; this script currently writes
newcentries but does not perform final 512-byte block padding. If any consumer in your packaging/install flow expects 512-aligned initrd images (or relies on the previous behavior), this can cause subtle regressions. Consider adding final padding to 512 bytes (or update any consuming expectations/tests to explicitly accept non-512-paddedcpio newc).
Comment on lines
639
to
641
| --------------------------------------------------------- | ||
|
|
||
| --------------------------------------------------------- |
There was a problem hiding this comment.
packages.config still declares Microsoft.NETCore.App.Runtime.win-arm64 and Microsoft.NETCore.App.Runtime.win-x64 (now at 10.0.4), but the NOTICE sections for these runtime packages were removed without replacement. If NOTICE.txt is used for third-party attributions, it should be updated to reflect the new runtime versions rather than dropping the entries entirely to avoid attribution/compliance gaps.
OneBlue
approved these changes
Mar 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This change merges the master branch into the feature/wsl-for-apps branch.
Biggest updates here are: