On Fri, Aug 22, 2025 at 5:55 AM Jinchao Wang <[email protected]> wrote: > > The current signature check logic incorrectly fails modules that have > valid signatures when the caller specifies MODULE_INIT_IGNORE_MODVERSIONS > or MODULE_INIT_IGNORE_VERMAGIC flags. This happens because the code > treats these flags as indicating a "mangled module" and skips signature > verification entirely. > > The key insight is that the intent of the caller (to ignore modversions > or vermagic) should not affect signature verification. A module with > a valid signature should be verified regardless of whether the caller > wants to ignore versioning information.
Why would you need to ignore versions when loading signed modules? Here's the original series that added this check and I feel it's very much relevant still: https://lore.kernel.org/lkml/[email protected]/ Sami
