Back in the Windows 2000 era, Windows shipped with a POSIX subsystem and even an OS/2 subsystem, for compatibility with software written for those two operating systems. Below is a picture of NT Workstation from MSDN.
The POSIX subsystem became SUA (Subsystem for Unix Application) when Microsoft released Windows Vista, and matured in Windows 7 / Windows Server 2008. (Picture from MSDN, 2007.)
WSL on Windows 10
A few terms on Windows
Windows User Mode
A CPU mode that provides isolation and protection for normal applications, so that even if one program crashes, no other programs are affected.
Windows Kernel Mode
The CPU mode used by core components of the system kernel (like hardware drivers) for interaction with hardware.
Windows NT Kernel
The NT kernel separates the APIs that programs can call from the system kernel, so that Windows NT can support multiple subsystems (Win32, OS/2, POSIX).
Originally part of the DrawBridge project. It provides a lightweight way to run a (Linux) application in an isolated environment. No operating system kernel or service is needed. All the system calls are handled by the Pico driver.
How WSL works
When Windows 10 starts
It loads two more
lxcore.sys, to NT kernel.
After user types
The LX Session Manager Service starts. This service is essential for communication between bash.exe and the Linux ELF64 binary.
When a Linux program starts
The Linux process starts as a Pico process in Windows NT User Mode.
LXSS System Calls
lxcore.sys and lxss.sys
These two system files are responsible for intercepting all Linux syscalls and translating them into Windows NT kernel instructions.
    # Simple Fork Bomb
    import os
    while 1:
        os.fork()
There is no directly comparable call in Windows for the Linux fork(). So when a Linux process requests a fork, lxcore.sys intercepts that call, prepares for the process replication and creates threads according to the program's requirements using the NT kernel API.
Epoll is a syscall for I/O event notification. Under WSL, it is designed to merge into the Win32 Event System for further handling.
Windows provides VolFS for file compatibility with the Linux file system. VolFS supports Linux permissions, symbolic links and case sensitivity. DriveFS enables Windows to read and write the Linux file system and also allows Linux to see the Windows volume.
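An added example (not from the original post) of the Linux behaviour that the fork and epoll paragraphs describe lxcore.sys having to reproduce: a single fork() whose child works on a private copy of memory, and an epoll wait on a pipe. The function name fork_and_epoll and the exit code 7 are assumptions chosen for illustration; it needs Linux or WSL to run.

```python
import os
import select


def fork_and_epoll(message: bytes = b"hello from child") -> dict:
    """Fork exactly once, let the child write to a pipe, wait for it with epoll."""
    read_fd, write_fd = os.pipe()
    counter = 0                      # lives in the parent's address space
    pid = os.fork()                  # one child only, unlike the loop above
    if pid == 0:
        # Child: it received a copy of the parent's memory, so this
        # increment is invisible to the parent.
        os.close(read_fd)
        counter += 1
        os.write(write_fd, message)
        os._exit(7 if counter == 1 else 1)   # 7 is an arbitrary marker value

    # Parent: sleep in epoll until the read end of the pipe is readable.
    os.close(write_fd)
    ep = select.epoll()
    ep.register(read_fd, select.EPOLLIN)
    try:
        events = ep.poll(5.0)        # list of (fd, event mask) pairs
        data = os.read(read_fd, 1024) if events else b""
    finally:
        ep.unregister(read_fd)
        ep.close()
        os.close(read_fd)

    _, status = os.waitpid(pid, 0)   # reap the child so no zombie remains
    return {
        "child_pid_differs": pid != os.getpid(),
        "ready_fd_is_pipe": bool(events) and events[0][0] == read_fd,
        "data": data,
        "parent_counter": counter,   # unchanged by the child's increment
        "child_exit_code": os.WEXITSTATUS(status) if os.WIFEXITED(status) else None,
    }


if __name__ == "__main__":
    print(fork_and_epoll())
```

Every value in the returned dictionary depends on semantics that have no direct Windows equivalent: the duplicated address space, the inherited pipe descriptors, the readiness notification and the child's exit status.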