From 5be0f8ac436cdae45520f7f2d606a3495906ff77 Mon Sep 17 00:00:00 2001 From: DWarez Date: Mon, 13 Jul 2026 14:41:25 +0200 Subject: [PATCH 1/3] add: huggingface-vllm v0.25 Signed-off-by: DWarez --- .../image/huggingface-vllm/sagemaker.yml | 4 +- docker/huggingface/vllm/Dockerfile | 13 ++++--- .../huggingface/vllm/hf_optimizations.sh | 38 +++++++++++++++++-- 3 files changed, 44 insertions(+), 11 deletions(-) diff --git a/.github/config/image/huggingface-vllm/sagemaker.yml b/.github/config/image/huggingface-vllm/sagemaker.yml index 366aed1e8f6f..419171be3d8d 100644 --- a/.github/config/image/huggingface-vllm/sagemaker.yml +++ b/.github/config/image/huggingface-vllm/sagemaker.yml @@ -4,7 +4,7 @@ image: metadata: framework: "huggingface-vllm" - framework_version: "0.22.1" + framework_version: "0.25.0" os_version: "ubuntu22.04" customer_type: "sagemaker" platform: "sagemaker" @@ -17,7 +17,7 @@ metadata: build: dockerfile: "docker/huggingface/vllm/Dockerfile" target: "huggingface-vllm-sagemaker" - base_image: "public.ecr.aws/deep-learning-containers/vllm:0.22.1-gpu-py312-cu130-ubuntu22.04-sagemaker-v1.0" + base_image: "public.ecr.aws/deep-learning-containers/vllm:0.25.0-gpu-py312-cu130-ubuntu22.04-sagemaker-v1.0" python_version: "3.12" cuda_version: "13.0.2" transformers_version: "5.10.2" diff --git a/docker/huggingface/vllm/Dockerfile b/docker/huggingface/vllm/Dockerfile index 97a12329985d..a07734da7ab9 100644 --- a/docker/huggingface/vllm/Dockerfile +++ b/docker/huggingface/vllm/Dockerfile @@ -1,9 +1,9 @@ -ARG BASE_IMAGE=public.ecr.aws/deep-learning-containers/vllm:0.22.1-gpu-py312-cu130-ubuntu22.04-sagemaker-v1.0 +ARG BASE_IMAGE=public.ecr.aws/deep-learning-containers/vllm:0.25.0-gpu-py312-cu130-ubuntu22.04-sagemaker-v1.0 FROM ${BASE_IMAGE} AS base ARG FRAMEWORK=huggingface-vllm -ARG FRAMEWORK_VERSION=0.22.1 +ARG FRAMEWORK_VERSION=0.25.0 ARG CONTAINER_TYPE=general ARG DLC_MAJOR_VERSION=1 @@ -106,10 +106,11 @@ RUN dpkg -l | grep -E "cuda|nvidia|libnv" | awk '{print $2}' | xargs apt-mark ho && rm -rf /var/lib/apt/lists/* # NOTE: the mooncake-transfer-engine (CVE-2026-33186) and openssh -# (CVE-2026-35385/35414/35386) backports the v0.21 image carried are dropped -# here: the 0.22.1 base already ships the fixed versions -# (mooncake-transfer-engine 0.3.10.post2, openssh 1:8.9p1-3ubuntu0.15). -# ffmpeg above is still required (the base ships the vulnerable 4.4.2). +# (CVE-2026-35385/35414/35386) backports the v0.21 image carried stay dropped: +# the 0.22.1+ bases ship the fixed versions. ffmpeg above is kept because the +# ubuntu22.04 base still ships the vulnerable 4.4.2 — re-verify both against +# the 0.25 base scan; the unpatchable mooncake go/stdlib findings are +# allowlisted (test/security/data/ecr_scan_allowlist/huggingface-vllm/). RUN HOME_DIR=/root \ && uv pip install --system --upgrade pip requests PTable \ diff --git a/scripts/docker/huggingface/vllm/hf_optimizations.sh b/scripts/docker/huggingface/vllm/hf_optimizations.sh index 88f705559b4f..e7c2b7aeaaa2 100755 --- a/scripts/docker/huggingface/vllm/hf_optimizations.sh +++ b/scripts/docker/huggingface/vllm/hf_optimizations.sh @@ -1,13 +1,29 @@ #!/usr/bin/env bash # # HuggingFace vLLM auto-optimization layer. +# +# SOURCED (not executed) by the entrypoint before the server starts. Two rules: +# 1. Nothing the user already set is overridden — explicit env always wins. +# 2. Every feature has an HF_ENABLE_* toggle; HF_ENABLE_OPTIMIZATIONS=0 kills +# the whole layer. + +# The entrypoint consumes these even when the layer is disabled. +export HF_LMCACHE_KV_CONFIG="" +: "${HF_ENABLE_RUNAI_STREAMER:=0}" # opt-in +export HF_ENABLE_RUNAI_STREAMER + +: "${HF_ENABLE_OPTIMIZATIONS:=1}" +if [[ "${HF_ENABLE_OPTIMIZATIONS}" != "1" ]]; then + echo "[hf-opt] disabled (HF_ENABLE_OPTIMIZATIONS=${HF_ENABLE_OPTIMIZATIONS})" + return 0 2>/dev/null || exit 0 +fi # ---- feature toggles ------------------------------------------------------- : "${HF_ENABLE_EXPANDABLE_SEGMENTS:=1}" : "${HF_ENABLE_LMCACHE:=1}" -: "${HF_ENABLE_RUNAI_STREAMER:=0}" # opt-in : "${HF_LMCACHE_CPU_FRACTION:=0.5}" # share of total RAM for the LMCache CPU pool -export HF_ENABLE_RUNAI_STREAMER +: "${HF_ENABLE_XET_HIGH_PERFORMANCE:=1}" +: "${HF_ENABLE_TOKENIZERS_GUARD:=1}" hf_opt_log() { echo "[hf-opt] $*"; } @@ -27,7 +43,6 @@ if [[ "${HF_ENABLE_EXPANDABLE_SEGMENTS}" == "1" && -z "${PYTORCH_CUDA_ALLOC_CONF fi # ---- 2. LMCache CPU KV-offload --------------------------------------------- -HF_LMCACHE_KV_CONFIG="" if [[ "${HF_ENABLE_LMCACHE}" == "1" ]]; then _total_gb="$(awk '/MemTotal/{printf "%d", $2/1024/1024}' /proc/meminfo 2>/dev/null)" : "${_total_gb:=0}" @@ -43,3 +58,20 @@ if [[ "${HF_ENABLE_LMCACHE}" == "1" ]]; then unset _total_gb _cpu_gb fi export HF_LMCACHE_KV_CONFIG + +# ---- 3. Fast Hub weight downloads (hf-xet high-performance mode) ------------ +# Saturates network bandwidth and CPU cores for parallel chunk downloads — cuts +# model pull time on endpoint cold starts / scale-out. Successor to hf_transfer +# (huggingface_hub >= 1.0 removed HF_HUB_ENABLE_HF_TRANSFER). +if [[ "${HF_ENABLE_XET_HIGH_PERFORMANCE}" == "1" && -z "${HF_XET_HIGH_PERFORMANCE:-}" ]]; then + export HF_XET_HIGH_PERFORMANCE=1 + hf_opt_log "HF_XET_HIGH_PERFORMANCE=1" +fi + +# ---- 4. tokenizers fork guard ---------------------------------------------- +# Silences the fast-tokenizers fork warning and avoids the rare deadlock when +# tokenizers' Rust threadpool is forked into vLLM worker processes. +if [[ "${HF_ENABLE_TOKENIZERS_GUARD}" == "1" && -z "${TOKENIZERS_PARALLELISM:-}" ]]; then + export TOKENIZERS_PARALLELISM=false + hf_opt_log "TOKENIZERS_PARALLELISM=false" +fi From 57dab4ee382c1a958a1334831a55fd7fe79fe4fd Mon Sep 17 00:00:00 2001 From: DWarez Date: Mon, 13 Jul 2026 21:26:49 +0200 Subject: [PATCH 2/3] fix: production image field Signed-off-by: DWarez --- .github/config/image/huggingface-vllm/sagemaker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/config/image/huggingface-vllm/sagemaker.yml b/.github/config/image/huggingface-vllm/sagemaker.yml index 419171be3d8d..89c65287fb34 100644 --- a/.github/config/image/huggingface-vllm/sagemaker.yml +++ b/.github/config/image/huggingface-vllm/sagemaker.yml @@ -12,7 +12,7 @@ metadata: device_type: "gpu" job_type: "general" contributor: "huggingface" - prod_image: "huggingface-vllm:server-sagemaker-cuda-v1" + prod_image: "huggingface-vllm:0.22-gpu-py312-cu130-ubuntu22.04" build: dockerfile: "docker/huggingface/vllm/Dockerfile" From d74fa9e7c9c8409fb7f5199b7a3639f4fd6662d8 Mon Sep 17 00:00:00 2001 From: DWarez Date: Mon, 13 Jul 2026 22:35:20 +0200 Subject: [PATCH 3/3] fix: allowlist for CVE caused by vllm-openai The CVE comes from a reference in a stray text file (dist-packages/benchmarks/requirements.txt) shipped by the upstream vllm-openai base Signed-off-by: DWarez --- .../huggingface-vllm/framework_allowlist.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/test/security/data/ecr_scan_allowlist/huggingface-vllm/framework_allowlist.json b/test/security/data/ecr_scan_allowlist/huggingface-vllm/framework_allowlist.json index f1a180106314..cc93e1ce4b5f 100644 --- a/test/security/data/ecr_scan_allowlist/huggingface-vllm/framework_allowlist.json +++ b/test/security/data/ecr_scan_allowlist/huggingface-vllm/framework_allowlist.json @@ -103,5 +103,10 @@ "vulnerability_id": "CVE-2026-55574", "reason": "vllm 0.22.1; fixed only in 0.24.0, which would require changing the base vLLM DLC version — cannot be bumped independently of the base image", "review_by": "2026-09-25" + }, + { + "vulnerability_id": "CVE-2026-24747", + "reason": "false positive: torch 2.9.1 is referenced only in a stray text file (dist-packages/benchmarks/requirements.txt) shipped by the upstream vllm-openai base, not an installed package; the image's installed torch is 2.11.0, which already contains the 2.10.0 weights_only unpickler fix", + "review_by": "2026-09-25" } ]