Hello DPDK / net_ice maintainers,
We are seeing a reproducible and concerning issue when using the net_ice PMD with DPDK 22.11.2, and we would appreciate your help diagnosing it. Summary - Environment: - DPDK: 22.11.2 - net_ice PCI device: 8086:159b - ice kernel driver: 1.12.7 - NIC firmware: FW 7.3.6111681 (NVM 4.30) - IOVA mode: PA, VFIO enabled - Multi-process socket: /var/run/dpdk/PGW/mp_socket - NUMA: 2, detected lcores: 112 - Bonding: pmd_bond with bonded devices created (net_bonding0 on port 4, net_bonding1 on port 5) - Driver enabled AVX2 OFFLOAD Vector Tx (log shows "ice_set_tx_function(): Using AVX2 OFFLOAD Vector Tx") - Problem statement: - Our application calls rte_eth_tx_prepare before calling rte_eth_tx_burst as part of the normal transmission path. - After the application has been running for some time (not immediate), the kernel/driver emits the following messages repeatedly: - ice_interrupt_handler(): OICR: MDD event - ice_interrupt_handler(): Malicious Driver Detection event 3 by TCLAN on TX queue 1025 PF# 1 - We are using a single TX queue (application-level single queue) and are sending only one packet per burst (burst size = 1). - The sequence is: rte_eth_tx_prepare (returns) -> rte_eth_tx_burst -> MDD events occur later. - The events affect stability and repeat over time. Relevant startup logs (excerpt) EAL: Detected CPU lcores: 112 EAL: Detected NUMA nodes: 2 EAL: Selected IOVA mode 'PA' EAL: VFIO support initialized EAL: Probe PCI driver: net_ice (8086:159b) device: 0000:3b:00.1 (socket 0) ice_load_pkg_type(): Active package is: 1.3.45.0, ICE COMMS Package (double VLAN mode) ice_dev_init(): FW 7.3.6111681 API 1.7 ... bond_probe(3506) - Initializing pmd_bond for net_bonding0 bond_probe(3592) - Create bonded device net_bonding0 on port 4 in mode 1 on socket 0. ... ice_set_tx_function(): Using AVX2 OFFLOAD Vector Tx (port 0). TELEMETRY: No legacy callbacks, legacy socket not created What we have tried / preliminary observations - Confirmed application calls rte_eth_tx_prepare prior to rte_eth_tx_burst. - Confirmed single TX queue configuration and small bursts (size = 1) ?? not high-rate, not a typical high-burst/malicious pattern. - The MDD log identifies "TX queue 1025"; unclear how that maps to our DPDK queue numbering (we use queue 0 in the app). - No obvious other DPDK errors at startup; interface initializes normally and vector TX is enabled. - We suspect the driver's Malicious Driver Detection (MDD) is triggering due to some descriptor/doorbell ordering or offload interaction, possibly related to AVX2 Vector Tx offload. Questions / requests to the maintainers 1. What specifically triggers "MDD event 3 by TCLAN" in net_ice? Which driver check/threshold corresponds to event type 3? 2. How is the "TX queue 1025" value computed/mapped in the log? (Is it queue id + offset, VF mapping, or an internal vector id?) We need to map that log value to our DPDK queue index. 3. Can the rte_eth_tx_prepare + rte_eth_tx_burst call pattern cause MDD detections under any circumstances? If so, are there recommended usage patterns or ordering constraints to avoid false positives? 4. Are there known firmware/driver/DPDK version combinations with similar MDD behavior? Do you recommend specific NIC firmware, kernel driver, or DPDK versions as a workaround/fix? 5. Any suggested workarounds we can test quickly (e.g., disable vector TX offload, disable specific HW offloads, change interrupt/queue bindings, or adjust doorbell behavior)? Best regards.
