On Fri, Aug 22, 2025 at 5:55 AM Jinchao Wang <wangjinchao...@gmail.com> wrote:
>
> The current signature check logic incorrectly fails modules that have
> valid signatures when the caller specifies MODULE_INIT_IGNORE_MODVERSIONS
> or MODULE_INIT_IGNORE_VERMAGIC flags. This happens because the code
> treats these flags as indicating a "mangled module" and skips signature
> verification entirely.
>
> The key insight is that the intent of the caller (to ignore modversions
> or vermagic) should not affect signature verification. A module with
> a valid signature should be verified regardless of whether the caller
> wants to ignore versioning information.

Why would you need to ignore versions when loading signed modules?
Here's the original series that added this check and I feel it's very
much relevant still:

https://lore.kernel.org/lkml/20160423184421.gl3...@decadent.org.uk/

Sami