[model] Add gpt-oss-20b-bf16 script

[guapisolo]

Thanks @euclidgame for the base script.

Wandb log link: https://wandb.ai/zyzshizhui_/miles-mgt-oss/runs/apa89g0h?nw=nwuserzyzshizhui_

[gemini-code-assist]

Summary of Changes

Hello @guapisolo, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces comprehensive support for the gpt-oss-20b model by adding its detailed architectural configuration and a dedicated script to orchestrate its execution. The new script leverages Ray for distributed processing and includes extensive parameterization for various aspects of model training or evaluation, such as checkpoint management, data handling, performance optimization, and specific GRPO and SGLang settings.

Highlights

• New Model Configuration: Introduced a new shell script (gpt-oss-20b.sh) that defines the architectural parameters for the gpt-oss-20b model, including its layers, hidden size, attention heads, rotary embeddings, normalization, activation, and MoE parameters.
• Model Execution Script: Added a new execution script (run-gpt-oss-20b.sh) to set up and run the gpt-oss-20b model. This script includes configurations for checkpoint handling, data rollout, performance (parallelism, recomputation, batch size), optimizer settings, GRPO, SGLang, and other miscellaneous arguments, and uses Ray for job submission.

Changelog

• scripts/models/gpt-oss-20b.sh
  • Added a new file to define the gpt-oss-20b model's architecture.
  • Specified parameters for layers, hidden size, attention, embeddings, normalization, and MoE.
• scripts/run-gpt-oss-20b.sh
  • Added a new script for running the gpt-oss-20b model.
  • Included setup for Ray, environment variables, and sourcing the model configuration.
  • Defined arguments for checkpointing, data rollout, performance, optimizer, GRPO, SGLang, and miscellaneous settings.
  • Implemented Ray job submission command to launch the training/evaluation process.

Activity

• No human activity (comments, reviews, progress updates) has been provided in the context.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds scripts to run the gpt-oss-20b model, introducing a model configuration file and a run script. However, the run script contains several security issues related to improper handling of environment variables and insecure default configurations, specifically unquoted variables in shell commands, direct string concatenation for JSON construction leading to command and JSON injection vulnerabilities, and exposing the Ray dashboard on all network interfaces, which increases the attack surface. Beyond security, there are also issues with a messy process cleanup block, the use of an environment variable without a safe default, and an undefined argument array, which impact the script's robustness and clarity.

[gemini-code-assist]

The environment variable HAS_NVLINK is directly embedded into a JSON string without sanitization, making it vulnerable to JSON injection if it contains a double quote, potentially leading to Remote Code Execution (RCE). Additionally, it lacks a default value, which could lead to unexpected behavior if unset. Consider using a proper JSON processor like jq and providing a safe default, for example 0, to explicitly disable NVLS when the variable is not present.

Suggested change

	\"NCCL_NVLS_ENABLE\": \"${HAS_NVLINK}\"
	"NCCL_NVLS_ENABLE": "${HAS_NVLINK:-0}"

[gemini-code-assist]

The environment variable MASTER_ADDR is used unquoted in a shell command. In Bash, unquoted variables undergo word splitting and globbing, which can lead to command injection if the variable contains characters like ;, &, or |. For example, if MASTER_ADDR is set to 127.0.0.1; id, the script will execute the id command. Always wrap shell variables in double quotes to prevent this.

Suggested change

	ray start --head --node-ip-address ${MASTER_ADDR} --num-gpus 8 --disable-usage-stats --dashboard-host=0.0.0.0 --dashboard-port=8265
	ray start --head --node-ip-address "${MASTER_ADDR}" --num-gpus 8 --disable-usage-stats --dashboard-host=0.0.0.0 --dashboard-port=8265

[gemini-code-assist]

The Ray dashboard is configured to listen on 0.0.0.0 (all interfaces). This exposes the dashboard to any network the machine is connected to. If the environment is not properly isolated, an attacker could access the dashboard to gain information about the cluster or potentially exploit vulnerabilities in the dashboard itself. It is a security best practice to restrict the dashboard to 127.0.0.1 or a specific internal management IP.

[gemini-code-assist]

This process cleanup block is repetitive and can be simplified. The current implementation has redundant pkill commands and an unusual sleep. Reordering and simplifying the commands will make the script cleaner and more maintainable.

Suggested change

	pkill -9 sglang
	sleep 3
	ray stop --force
	pkill -9 ray
	pkill -9 python
	sleep 3
	pkill -9 ray
	pkill -9 python
	ray stop --force
	pkill -9 sglang
	pkill -9 ray
	pkill -9 python

[gemini-code-assist]

The EVAL_ARGS array is expanded here but is not defined in the script. This results in no evaluation-related arguments being passed to train.py. If evaluation is intended, please define the EVAL_ARGS array. If not, consider removing this line to avoid confusion.