SOLVED Malicious Driver Detection

[tv1968]

Hi,

I'm in the process of upgrading FreeNAS to TrueNas Core.
Eveything going smoothly so far but on one machine.

Ever since upgrading it shows the following error a couple of time a day:
ixl...: Malicious Driver Detection event 1 on RX queue

Sometimes ixl0, sometimes ixl1.

The only effect I've seen so far is that machine times out on ssh connections. The iscsi connections seem to work ok but maybe it happens there too.
The retry on ssh (sometimes the 3rd try) almost always leads to a succesfull connection.

I have several systems with the same hardware configuration and none of the other that were updated exhibit this behaviour.

After looking at dmesg I found a line stating that the driver expected a newer firmware version.
I downloaded the Intel nvm tool and updated to the latest release.

It now gives:

ixl1: <Intel(R) Ethernet Controller X710 for 10GbE SFP+ - 2.3.0-k> mem 0xdc800000-0xdcffffff,0xdd800000-0xdd807fff irq 16 at device 0.1 on pci1
ixl1: fw 8.2.64244 api 1.13 nvm 8.20 etid 80009bcc oem 0.0.0
ixl1: The driver for the device detected a newer version of the NVM image than expected.
ixl1: Please install the most recent version of the network driver.
ixl1: PF-ID[1]: VFs 64, MSI-X 129, VF MSI-X 5, QPs 768, I2C
ixl1: Using 1024 TX descriptors and 1024 RX descriptors
ixl1: Using 4 RX queues 4 TX queues
ixl1: Using MSI-X interrupts with 5 vectors
ixl1: Ethernet address: 64:9d:99:b1:00:ab
ixl1: Allocating 4 queues for PF LAN VSI; 4 queues active
ixl1: PCI Express Bus: Speed 8.0GT/s Width x8
ixl1: SR-IOV ready
ixl1: Link is up, 10 Gbps Full Duplex, Requested FEC: None, Negotiated FEC: None, Autoneg: False, Flow Control: None
ixl1: link state changed to UP

It is now stating that a newer than expected image is installed.

The machine is only use to host iscsi zvols. We don't run anything else on the machine(s).

Does anyone know which firmware is expected for the current Intel ixl driver in 12.0-U1.1?
Other suggestions for testing are welcome as well

Thanks,

Ton

 

[tv1968]

As it turns out after several rounds of investigation and testing the issue was created in the upgrade from FreeNAS to TrueNAS Core.

During testing it turned out that the lagg-interface (LACP) wasn't working as it should.
I had to re-create the lagg interface. Since deleting and creating a new lagg no issues have occurred.

Maybe this helps someone in the future.

Ton