Malicious Driver Detection event

ErnestoR
Novice
3,834 Views

Hello,

I have from time to time events saying:

Malicious Driver Detection event 7 on TX queue 267 PF# 1

Any suggestion on why they are generated?

What is "event 7"?

Also, we do not have 267 tx queues: what does that number represent?

Environment:

Intel E810-C-Q2 split as 8x10G

Driver ice 1.7.16

NVM 3.10

Rocky Linux release 8.5

Thank you

Ernesto

0 Kudos
6 Replies
Fariz_Intel
Employee
3,779 Views

Hi ErnestoR,

Thank you for posting in Intel Ethernet Communities.

Some Intel Ethernet devices use Malicious Driver Detection (MDD) to detect malicious traffic from the Virtual Function (VF) and disable Tx/Rx queues or drop the offending packet until a VF driver reset occurs. You can view MDD messages in the Physical Function's (PF) event log.

Based on the event log, it looks like MDD occurs at event 7, where the TX queue is the buffer containing packets that need to be sent.

You may try installing the latest ice driver for E810, version 1.11.14, as per below and see if the MDD event still appears. The latest driver contains the latest updates and fixes for some issues.

Intel® Network Adapter Driver for E810 Series Devices under Linux

https://www.intel.com/content/www/us/en/download/19630/intel-network-adapter-driver-for-e810-series-devices-under-linux.html

Intel Ethernet Drivers and Utilities Files

https://sourceforge.net/projects/e1000/files/ice%20stable/

Intel® Ethernet Adapter Complete Driver Pack version 28.0 (large file):

https://www.intel.com/content/www/us/en/download/15084/intel-ethernet-adapter-complete-driver-pack.html

The ice driver is inside folder: Release_28.0 -> PROCGB -> Linux.

You can refer to the Intel® Ethernet Product Software Release Notes at the link below for more information on supported OS:

https://www.intel.com/content/www/us/en/download/19622/intel-ethernet-product-software-release-notes.html

However, in case you happen to be using a NIC from an OEM (e.g. Dell), you may consult with the OEM on which driver is suitable, as their driver might be optimized/customized for their product.

Best regards,

Fariz_Intel


0 Kudos
ErnestoR
Novice
3,768 Views

Thank you Fariz for your answer,

we are using Intel NIC not OEM rebranded.

I understand your suggestion to upgrade the firmware, but unfortunately it's a production environment and upgrades are not the easiest thing to do. That's why I need first to investigate.

What we experience is exactly what you described: some packets are lost and from time to time the whole queue is disabled (or at least it egresses a very limited percentage of the submitted packets). We are not certain that the two events (MDD syslog and disabled queue) are connected. Also we suspect the offending packets are PPTP packets, but were unable to repro in a test server.

Do you know if there is any fix related to PPTP in the new drivers/firmware? I cannot see it in the release notes. But I also cannot find anything related to MDD except the note about turning auto-reset on (btw, do you know how it can be done in DPDK?)

Back to the original question: what is event 7?

Thanks

Ernesto

0 Kudos
Fariz_Intel
Employee
3,734 Views

Hi ErnestoR,

Thanks for the information.

We apologize for the inconvenience caused.

We would be grateful if you could share/provide us with some log files showing the error related to the MDD event and PPTP in order to do further checking so that we can verify the connection between MDD syslog, disabled queue and PPTP packets. As we observe, the event 7 looks similar to the event ID, e.g. event 7 = event ID number 7.

Furthermore, we would also like to know if you are using DPDK with the Intel E810. For support with DPDK, we recommend referring to the DPDK.org site or opening an IPS case at the IPS Support site (sign-in or sign-up is required) as per the links below:

DPDK.org

https://www.dpdk.org/

Intel® Premier Support Access (kindly refer to the instructions on the webpage for login steps)

https://www.intel.com/content/www/us/en/design/support/ips/training/access-and-login.html

You can also use the Intel SSU utility, which performs a detailed scan and report, as per the link below:

Intel® System Support Utility for the Linux* Operating System

https://www.intel.com/content/www/us/en/download/18895/intel-system-support-utility-for-the-linux-operating-system.html

We will cross-check with the engineering team regarding your inquiry about a PPTP fix in the latest driver and an MDD reference document.

Best regards,

Fariz_Intel


0 Kudos
Fariz_Intel
Employee
3,658 Views

Hi ErnestoR,

We have cross-checked this issue with the engineering team, and it looks like we need more details on your environment so that we can understand the context of the error.

Is it possible for you to provide an overall picture of your setup and details on the OS for host and VM, as well as the VM configuration?

Also other details, such as use of DPDK and version information, which may sometimes affect this issue.

If you have additional questions or clarifications, feel free to let us know.

Best regards,

Fariz_Intel


0 Kudos
ErnestoR
Novice
3,614 Views

Hi Fariz,

Rocky Linux 8.5, no VM

DPDK 21.11 ICE driver 1.7.16, DDP 1.3.27, NVM 3.1

The event says:

ice_interrupt_handler(): Malicious Driver Detection event 7 by TCLAN on TX queue 1032 PF# 4

(different servers have different numbers for TX queue and PF)

Thank you

Ernesto

0 Kudos
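
The thread leaves open whether the MDD messages and the stalled TX queue are connected. The following is an added example, not code from either poster, the ice driver or DPDK: it parses both message shapes quoted above and lists the MDD events logged on the same PF shortly before each recorded stall. It assumes each log line starts with an ISO 8601 timestamp and that the application records stall times itself; `parse_mdd`, `correlate` and all sample data are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Matches both message shapes quoted in this thread, after a timestamp:
#   ... Malicious Driver Detection event 7 on TX queue 267 PF# 1
#   ... Malicious Driver Detection event 7 by TCLAN on TX queue 1032 PF# 4
MDD_RE = re.compile(
    r"^(?P<ts>\S+) .*?Malicious Driver Detection event (?P<event>\d+)"
    r"(?: by (?P<block>\w+))? on (?P<dir>TX|RX) queue (?P<queue>\d+)"
    r" PF# ?(?P<pf>\d+)"
)

def parse_mdd(line):
    """Return a dict for an MDD log line, or None for any other line."""
    m = MDD_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    for key in ("event", "queue", "pf"):
        rec[key] = int(rec[key])
    return rec

def correlate(log_lines, stalls, window_s=5):
    """Map each (stall_time, pf) to the MDD events logged on that PF in the
    window_s seconds before the stall. The logged queue number is kept in
    each record but not matched on, since the thread shows values larger
    than the application's own queue count."""
    events = [rec for rec in map(parse_mdd, log_lines) if rec]
    window = timedelta(seconds=window_s)
    return {
        (ts, pf): [e for e in events
                   if e["pf"] == pf and timedelta(0) <= ts - e["ts"] <= window]
        for ts, pf in stalls
    }

# Constructed sample data (timestamps, host and process names are invented).
SAMPLE_LOG = [
    "2023-01-10T03:12:01 host-a dpdk-app: Malicious Driver Detection event 7 on TX queue 267 PF# 1",
    "2023-01-10T03:12:02 host-a dpdk-app: port 1 link up",
    "2023-01-10T04:40:10 host-b dpdk-app: ice_interrupt_handler(): "
    "Malicious Driver Detection event 7 by TCLAN on TX queue 1032 PF# 4",
]
# Constructed stall times, as an application might record from its TX counters.
SAMPLE_STALLS = [(datetime(2023, 1, 10, 3, 12, 4), 1),
                 (datetime(2023, 1, 10, 5, 0, 0), 4)]

if __name__ == "__main__":
    for stall, hits in correlate(SAMPLE_LOG, SAMPLE_STALLS).items():
        print(stall[0].isoformat(), "PF", stall[1], "->", len(hits), "MDD event(s)")
```

A stall with no MDD event in its window, like the second constructed one, is evidence that the two symptoms can occur independently.
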
Fariz_Intel
Employee
3,131 Views

Hi ErnestoR,


We sincerely apologize for any inconvenience caused. After reviewing the details provided, it appears that DPDK.org is a better contact point to seek assistance. We would love to be of further assistance; however, they specialize in handling issues related to the DPDK.

DPDK.org

https://www.dpdk.org/


Best regards,

Fariz_Intel


0 Kudos