
[ML] Revert #2991 and #2936#2995

Merged
valeriy42 merged 3 commits intoelastic:mainfrom
valeriy42:revert-pytorch-hardening
Mar 13, 2026

Conversation

@valeriy42 (Contributor)

A change in PyTorch inference caused a large number of tests to fail. We need to figure out what's gone wrong.

@prodsecmachine commented Mar 13, 2026

Snyk checks have passed. No issues have been found so far.

Status  Scan Engine            Critical  High  Medium  Low  Total (0)
        Open Source Security   0         0     0       0    0 issues
        Licenses               0         0     0       0    0 issues


@valeriy42 valeriy42 added the ci:run-qa-tests label (Run a subset of the QA tests) Mar 13, 2026
@valeriy42 (Contributor, Author)

buildkite run_qa_tests

@valeriy42 valeriy42 merged commit 4f1ec3e into elastic:main Mar 13, 2026
17 checks passed
edsavage added a commit to edsavage/ml-cpp that referenced this pull request Mar 15, 2026
edsavage added a commit that referenced this pull request Mar 19, 2026
…#2999)

Re-applies #2936 and #2991 which were reverted in #2995.

- Adds a static TorchScript graph validation layer (CModelGraphValidator, CSupportedOperations) that rejects models containing operations not observed in supported transformer architectures, reducing the attack surface by ensuring only known-safe operation sets are permitted.
- Includes aten::mul_ and quantized::linear_dynamic in the allowed operations for dynamically quantized models (e.g. ELSER v2 imported via Eland).
- Adds Python extraction tooling (dev-tools/extract_model_ops/) to trace reference HuggingFace models and collect their op sets, with support for quantized variants.
- Adds reference_model_ops.json golden file and C++ drift test to detect allowlist staleness on PyTorch upgrades.
- Adds adversarial "evil model" integration tests to verify rejection of forbidden operations.
- Adds CHANGELOG entry.
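An added illustration of the allowlist validation and golden-file drift check the commit message describes; this is not code from ml-cpp, and it works over op-kind strings (as TorchScript's node.kind() reports them) rather than a live graph. The allowlist contents, the sample models and the golden JSON are constructed assumptions, not the project's real sets.

```python
import json

# Constructed, illustrative allowlist of TorchScript op kinds. The real
# CSupportedOperations set in ml-cpp is not on this page (assumption).
SUPPORTED_OPS = frozenset({
    "prim::Constant", "prim::GetAttr", "prim::ListConstruct",
    "aten::linear", "aten::layer_norm", "aten::softmax", "aten::matmul",
    "aten::add", "aten::mul", "aten::mul_", "aten::gelu",
    "quantized::linear_dynamic",
})


class ForbiddenOperation(Exception):
    """Raised when a model graph uses an op kind outside the allowlist."""


def validate_graph_ops(op_kinds):
    """Static check over a model's op kinds: reject the model if any op
    falls outside SUPPORTED_OPS, otherwise return the sorted ops it uses."""
    used = set(op_kinds)
    forbidden = sorted(used - SUPPORTED_OPS)
    if forbidden:
        raise ForbiddenOperation(f"unsupported ops in graph: {forbidden}")
    return sorted(used)


def model_is_accepted(op_kinds):
    try:
        validate_graph_ops(op_kinds)
        return True
    except ForbiddenOperation:
        return False


def allowlist_drift(golden_json):
    """Drift test in the spirit of the golden-file check: ops that reference
    models use but the allowlist lacks would break legitimate models after a
    PyTorch upgrade; allowlisted ops no reference model uses are surplus."""
    reference = set()
    for ops in json.loads(golden_json).values():
        reference.update(ops)
    return {"missing_from_allowlist": sorted(reference - SUPPORTED_OPS),
            "unused_in_reference": sorted(SUPPORTED_OPS - reference)}


# Constructed sample op sets standing in for traced models (not real traces).
BENIGN_OPS = ["prim::Constant", "aten::linear", "aten::gelu", "aten::softmax"]
QUANTIZED_OPS = ["prim::Constant", "quantized::linear_dynamic", "aten::mul_"]
EVIL_OPS = ["prim::Constant", "aten::linear", "custom::unexpected_op"]
GOLDEN_JSON = json.dumps({
    "bert-base": BENIGN_OPS + ["aten::layer_norm", "aten::matmul", "aten::add", "aten::mul"],
    "elser-v2-quantized": QUANTIZED_OPS + ["aten::new_op_after_upgrade"],
})
```

A non-empty "missing_from_allowlist" after a PyTorch upgrade is the staleness signal the drift test exists to catch, while "unused_in_reference" lists permissions that could be pruned.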