Re: [PATCH 1/5] module: Fix module_sig_check() for modules with ignored modversions/vermagic
From: Sami Tolvanen
Date: Fri Aug 22 2025 - 15:37:40 EST
On Fri, Aug 22, 2025 at 5:55 AM Jinchao Wang <wangjinchao600@xxxxxxxxx> wrote:
>
> The current signature check logic incorrectly fails modules that have
> valid signatures when the caller specifies MODULE_INIT_IGNORE_MODVERSIONS
> or MODULE_INIT_IGNORE_VERMAGIC flags. This happens because the code
> treats these flags as indicating a "mangled module" and skips signature
> verification entirely.
>
> The key insight is that the intent of the caller (to ignore modversions
> or vermagic) should not affect signature verification. A module with
> a valid signature should be verified regardless of whether the caller
> wants to ignore versioning information.
Why would you need to ignore versions when loading signed modules?
Here's the original series that added this check and I feel it's very
much relevant still:
https://lore.kernel.org/lkml/20160423184421.GL3348@xxxxxxxxxxxxxxx/
Sami