Skip to content

[model] Add gpt-oss-20b-bf16 script#590

Open
guapisolo wants to merge 2 commits intoradixark:mainfrom
guapisolo:feat/gpt_oss_bf16
Open

[model] Add gpt-oss-20b-bf16 script#590
guapisolo wants to merge 2 commits intoradixark:mainfrom
guapisolo:feat/gpt_oss_bf16

Conversation

@guapisolo
Copy link
Collaborator

@guapisolo guapisolo commented Feb 12, 2026

@gemini-code-assist
Copy link
Contributor

Summary of Changes

Hello @guapisolo, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces comprehensive support for the gpt-oss-20b model by adding its detailed architectural configuration and a dedicated script to orchestrate its execution. The new script leverages Ray for distributed processing and includes extensive parameterization for various aspects of model training or evaluation, such as checkpoint management, data handling, performance optimization, and specific GRPO and SGLang settings.

Highlights

  • New Model Configuration: Introduced a new shell script (gpt-oss-20b.sh) that defines the architectural parameters for the gpt-oss-20b model, including its layers, hidden size, attention heads, rotary embeddings, normalization, activation, and MoE parameters.
  • Model Execution Script: Added a new execution script (run-gpt-oss-20b.sh) to set up and run the gpt-oss-20b model. This script includes configurations for checkpoint handling, data rollout, performance (parallelism, recomputation, batch size), optimizer settings, GRPO, SGLang, and other miscellaneous arguments, and uses Ray for job submission.
Changelog
  • scripts/models/gpt-oss-20b.sh
    • Added a new file to define the gpt-oss-20b model's architecture.
    • Specified parameters for layers, hidden size, attention, embeddings, normalization, and MoE.
  • scripts/run-gpt-oss-20b.sh
    • Added a new script for running the gpt-oss-20b model.
    • Included setup for Ray, environment variables, and sourcing the model configuration.
    • Defined arguments for checkpointing, data rollout, performance, optimizer, GRPO, SGLang, and miscellaneous settings.
    • Implemented Ray job submission command to launch the training/evaluation process.
Activity
  • No human activity (comments, reviews, progress updates) has been provided in the context.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds scripts to run the gpt-oss-20b model, introducing a model configuration file and a run script. However, the run script contains several security issues related to improper handling of environment variables and insecure default configurations, specifically unquoted variables in shell commands, direct string concatenation for JSON construction leading to command and JSON injection vulnerabilities, and exposing the Ray dashboard on all network interfaces, which increases the attack surface. Beyond security, there are also issues with a messy process cleanup block, the use of an environment variable without a safe default, and an undefined argument array, which impact the script's robustness and clarity.

\"env_vars\": {
\"PYTHONPATH\": \"/root/Megatron-LM/\",
\"CUDA_DEVICE_MAX_CONNECTIONS\": \"1\",
\"NCCL_NVLS_ENABLE\": \"${HAS_NVLINK}\"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-high high

The environment variable HAS_NVLINK is directly embedded into a JSON string without sanitization, making it vulnerable to JSON injection if it contains a double quote, potentially leading to Remote Code Execution (RCE). Additionally, it lacks a default value, which could lead to unexpected behavior if unset. Consider using a proper JSON processor like jq and providing a safe default, for example 0, to explicitly disable NVLS when the variable is not present.

Suggested change
\"NCCL_NVLS_ENABLE\": \"${HAS_NVLINK}\"
"NCCL_NVLS_ENABLE": "${HAS_NVLINK:-0}"


# launch the master node of ray in container
export MASTER_ADDR=${MASTER_ADDR:-"127.0.0.1"}
ray start --head --node-ip-address ${MASTER_ADDR} --num-gpus 8 --disable-usage-stats --dashboard-host=0.0.0.0 --dashboard-port=8265
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-high high

The environment variable MASTER_ADDR is used unquoted in a shell command. In Bash, unquoted variables undergo word splitting and globbing, which can lead to command injection if the variable contains characters like ;, &, or |. For example, if MASTER_ADDR is set to 127.0.0.1; id, the script will execute the id command. Always wrap shell variables in double quotes to prevent this.

Suggested change
ray start --head --node-ip-address ${MASTER_ADDR} --num-gpus 8 --disable-usage-stats --dashboard-host=0.0.0.0 --dashboard-port=8265
ray start --head --node-ip-address "${MASTER_ADDR}" --num-gpus 8 --disable-usage-stats --dashboard-host=0.0.0.0 --dashboard-port=8265


# launch the master node of ray in container
export MASTER_ADDR=${MASTER_ADDR:-"127.0.0.1"}
ray start --head --node-ip-address ${MASTER_ADDR} --num-gpus 8 --disable-usage-stats --dashboard-host=0.0.0.0 --dashboard-port=8265
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-medium medium

The Ray dashboard is configured to listen on 0.0.0.0 (all interfaces). This exposes the dashboard to any network the machine is connected to. If the environment is not properly isolated, an attacker could access the dashboard to gain information about the cluster or potentially exploit vulnerabilities in the dashboard itself. It is a security best practice to restrict the dashboard to 127.0.0.1 or a specific internal management IP.

Comment on lines +4 to +11
pkill -9 sglang
sleep 3
ray stop --force
pkill -9 ray
pkill -9 python
sleep 3
pkill -9 ray
pkill -9 python
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

This process cleanup block is repetitive and can be simplified. The current implementation has redundant pkill commands and an unusual sleep. Reordering and simplifying the commands will make the script cleaner and more maintainable.

Suggested change
pkill -9 sglang
sleep 3
ray stop --force
pkill -9 ray
pkill -9 python
sleep 3
pkill -9 ray
pkill -9 python
ray stop --force
pkill -9 sglang
pkill -9 ray
pkill -9 python

${GRPO_ARGS[@]} \
${WANDB_ARGS[@]} \
${PERF_ARGS[@]} \
${EVAL_ARGS[@]} \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The EVAL_ARGS array is expanded here but is not defined in the script. This results in no evaluation-related arguments being passed to train.py. If evaluation is intended, please define the EVAL_ARGS array. If not, consider removing this line to avoid confusion.

@guapisolo guapisolo changed the title [model] Add gpt-oss-20b script [model] Add gpt-oss-20b-bf16 script Feb 12, 2026
guapisolo and others added 2 commits February 15, 2026 20:00
Co-Authored-By: Wenjie Ma <55629401+euclidgame@users.noreply.github.com>
@guapisolo guapisolo mentioned this pull request Feb 17, 2026
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant