Skip to content

Commit

Permalink
Merge changes from github.
Browse files Browse the repository at this point in the history
PiperOrigin-RevId: 189945839
  • Loading branch information
jpienaar authored and tensorflower-gardener committed Mar 21, 2018
1 parent cbede3e commit 2d0531d
Show file tree
Hide file tree
Showing 219 changed files with 4,312 additions and 990 deletions.
4 changes: 4 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,10 @@ organization for the purposes of conducting machine learning and deep neural
networks research. The system is general enough to be applicable in a wide
variety of other domains, as well.

Keep up to date with release announcements and security updates by
subscribing to
[[email protected]](https://groups.google.com/a/tensorflow.org/forum/#!forum/announce).

## Installation
*See [Installing TensorFlow](https://www.tensorflow.org/get_started/os_setup.html) for instructions on how to install our release binaries or how to build from source.*

Expand Down
16 changes: 8 additions & 8 deletions SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ report vulnerabilities in TensorFlow.

## TensorFlow models are programs

TensorFlow's runtime system interprets and executes programs. What machine
TensorFlow's runtime system interprets and executes programs. What machine
learning practitioners term
[**models**](https://developers.google.com/machine-learning/glossary/#model) are
expressed as programs that TensorFlow executes. TensorFlow programs are encoded
Expand All @@ -28,12 +28,12 @@ data you supply to TensorFlow to train a model, or to use a model to run
inference on the data.

**TensorFlow models are programs, and need to be treated as such from a security
perspective.**
perspective.**

## Running untrusted models

As a general rule: **Always** execute untrusted models inside a sandbox (e.g.,
[nsjail](https://github.com/google/nsjail)).
[nsjail](https://github.com/google/nsjail)).

There are several ways in which a model could become untrusted. Obviously, if an
untrusted party supplies TensorFlow kernels, arbitrary code may be executed.
Expand Down Expand Up @@ -109,11 +109,11 @@ graphs known to the `ModelServer`. This means that an attacker may run
graphs using untrusted inputs as described above, but they would not be able to
execute arbitrary graphs. It is possible to safely expose a `ModelServer`
directly to an untrusted network, **but only if the graphs it is configured to
use have been carefully audited to be safe**.
use have been carefully audited to be safe**.

Similar to best practices for other servers, we recommend running any
`ModelServer` with appropriate privileges (i.e., using a separate user with
reduced permisisons). In the spirit of defense in depth, we recommend
reduced permissions). In the spirit of defense in depth, we recommend
authenticating requests to any TensorFlow server connected to an untrusted
network, as well as sandboxing the server to minimize the adverse effects of
any breach.
Expand All @@ -129,11 +129,11 @@ with specially crafted inputs.
### What is a vulnerability?

Given TensorFlow's flexibility, it is possible to specify computation graphs
which exhibit unexpected or unwanted behaviors. The fact that TensorFlow models
which exhibit unexpected or unwanted behavior. The fact that TensorFlow models
can perform arbitrary computations means that they may read and write files,
communicate via the network, produce deadlocks and infinite loops, or run out
of memory. It is only when these behaviors are outside the specifications of the
operations involved that such behavior is a vulnerability.
operations involved that such behavior is a vulnerability.

A `FileWriter` writing a file is not unexpected behavior and therefore is not a
vulnerability in TensorFlow. A `MatMul` allowing arbitrary binary code execution
Expand Down Expand Up @@ -168,7 +168,7 @@ below).

Please use a descriptive subject line for your report email. After the initial
reply to your report, the security team will endeavor to keep you informed of
the progress being made towards a fix and announcement.
the progress being made towards a fix and announcement.

If you believe that an existing (public) issue is security-related, please send
an email to `[email protected]`. The email should include the issue ID and
Expand Down
5 changes: 4 additions & 1 deletion configure.py
Original file line number Diff line number Diff line change
Expand Up @@ -1048,7 +1048,10 @@ def is_compatible(tensorrt_lib, cuda_ver, cudnn_ver):

for lib_file in possible_files:
if is_compatible(lib_file, cuda_ver, cudnn_ver):
ver_str = nvinfer_pattern.search(lib_file).group(1)
matches = nvinfer_pattern.search(lib_file)
if len(matches.groups()) == 0:
continue
ver_str = matches.group(1)
ver = convert_version_to_int(ver_str) if len(ver_str) else 0
if ver > highest_ver[0]:
highest_ver = [ver, ver_str, lib_file]
Expand Down
9 changes: 1 addition & 8 deletions tensorflow/compiler/xla/service/generic_transfer_manager.cc
Original file line number Diff line number Diff line change
Expand Up @@ -38,14 +38,7 @@ namespace xla {

GenericTransferManager::GenericTransferManager(se::Platform::Id platform_id,
size_t pointer_size)
: platform_id_(platform_id), pointer_size_(pointer_size) {
// We currently only support kHostPlatformId for CPU, kCudaPlatformId for
// GPU and kInterpreterPlatformId for Interpreter. Before supporting other
// platforms, we need to test this transfer manager on them.
CHECK(platform_id_ == se::host::kHostPlatformId ||
platform_id_ == se::interpreter::kInterpreterPlatformId ||
platform_id_ == se::cuda::kCudaPlatformId);
}
: platform_id_(platform_id), pointer_size_(pointer_size) {}

se::Platform::Id GenericTransferManager::PlatformId() const {
return platform_id_;
Expand Down
2 changes: 1 addition & 1 deletion tensorflow/compiler/xla/tests/convolution_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -723,7 +723,7 @@ INSTANTIATE_TEST_CASE_P(
);
#endif

TEST_F(ConvolutionTest, Convolve_bf16_1x1x1x2_1x1x1x2_Valid) {
XLA_TEST_F(ConvolutionTest, Convolve_bf16_1x1x1x2_1x1x1x2_Valid) {
ComputationBuilder builder(client_, TestName());
Shape input_shape = ShapeUtil::MakeShape(BF16, {1, 1, 1, 2});
Shape filter_shape = ShapeUtil::MakeShape(BF16, {1, 1, 1, 2});
Expand Down
3 changes: 2 additions & 1 deletion tensorflow/contrib/BUILD
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,7 @@ cc_library(
"//tensorflow/contrib/coder:all_kernels",
"//tensorflow/contrib/cudnn_rnn:cudnn_rnn_kernels",
"//tensorflow/contrib/data/kernels:dataset_kernels",
"//tensorflow/contrib/kafka:dataset_kernels",
"//tensorflow/contrib/factorization/kernels:all_kernels",
"//tensorflow/contrib/input_pipeline:input_pipeline_ops_kernels",
"//tensorflow/contrib/layers:sparse_feature_cross_op_kernel",
Expand All @@ -147,7 +148,7 @@ cc_library(
"//tensorflow/contrib/factorization:all_ops",
"//tensorflow/contrib/framework:all_ops",
"//tensorflow/contrib/input_pipeline:input_pipeline_ops_op_lib",
"//tensorflow/contrib/kafka:kafka_ops_op_lib",
"//tensorflow/contrib/kafka:dataset_ops_op_lib",
"//tensorflow/contrib/layers:sparse_feature_cross_op_op_lib",
"//tensorflow/contrib/nccl:nccl_ops_op_lib",
"//tensorflow/contrib/nearest_neighbor:nearest_neighbor_ops_op_lib",
Expand Down
12 changes: 7 additions & 5 deletions tensorflow/contrib/cmake/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,22 +26,24 @@ The CMake files in this directory can build the core TensorFlow runtime, an
example C++ binary, and a PIP package containing the runtime and Python
bindings.

### Pre-requisites
### Prerequisites

* CMake version 3.5 or later.

* [Git](https://git-scm.com)

* [SWIG](http://www.swig.org/download.html)

* Additional pre-requisites for Microsoft Windows:
* Additional prerequisites for Microsoft Windows:
- Visual Studio 2015
- Python 3.5
- NumPy 1.11.0 or later

* Additional pre-requisites for Linux:
* Additional prerequisites for Linux:
- Python 2.7 or later
- [Docker](https://www.docker.com/) (for automated testing)

* Python dependencies:
- wheel
- NumPy 1.11.0 or later

### Known-good configurations
Expand Down Expand Up @@ -102,7 +104,7 @@ ops or APIs.
Step-by-step Windows build
==========================

1. Install the pre-requisites detailed above, and set up your environment.
1. Install the prerequisites detailed above, and set up your environment.

* The following commands assume that you are using the Windows Command
Prompt (`cmd.exe`). You will need to set up your environment to use the
Expand Down
1 change: 1 addition & 0 deletions tensorflow/contrib/cmake/external/grpc.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ else()
set(grpc_STATIC_LIBRARIES
${CMAKE_CURRENT_BINARY_DIR}/grpc/src/grpc/libgrpc++_unsecure.a
${CMAKE_CURRENT_BINARY_DIR}/grpc/src/grpc/libgrpc_unsecure.a
${CMAKE_CURRENT_BINARY_DIR}/grpc/src/grpc/third_party/cares/cares/lib/libcares.a
${CMAKE_CURRENT_BINARY_DIR}/grpc/src/grpc/libgpr.a)
endif()

Expand Down
2 changes: 1 addition & 1 deletion tensorflow/contrib/cmake/external/protobuf.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ include (ExternalProject)

set(PROTOBUF_INCLUDE_DIRS ${CMAKE_CURRENT_BINARY_DIR}/protobuf/src/protobuf/src)
set(PROTOBUF_URL https://github.com/google/protobuf.git)
set(PROTOBUF_TAG 396336eb961b75f03b25824fe86cf6490fb75e3a)
set(PROTOBUF_TAG b04e5cba356212e4e8c66c61bbe0c3a20537c5b9)

if(WIN32)
if(${CMAKE_GENERATOR} MATCHES "Visual Studio.*")
Expand Down
4 changes: 4 additions & 0 deletions tensorflow/contrib/cmake/tf_tests.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -478,6 +478,10 @@ if (tensorflow_BUILD_CC_TESTS)
"${tensorflow_source_dir}/tensorflow/core/profiler/internal/advisor/*_test.cc"
)

list(REMOVE_ITEM tf_test_src_simple
${tf_core_profiler_test_srcs}
)

set(tf_test_lib tf_test_lib)
add_library(${tf_test_lib} STATIC ${tf_src_testlib})

Expand Down
4 changes: 4 additions & 0 deletions tensorflow/contrib/data/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@
@@rejection_resample
@@scan
@@shuffle_and_repeat
@@sliding_window_batch
@@sloppy_interleave
@@unbatch
Expand Down Expand Up @@ -72,6 +73,9 @@
from tensorflow.contrib.data.python.ops.resampling import rejection_resample
from tensorflow.contrib.data.python.ops.scan_ops import scan
from tensorflow.contrib.data.python.ops.shuffle_ops import shuffle_and_repeat
from tensorflow.contrib.data.python.ops.sliding import sliding_window_batch
from tensorflow.python.data.ops.iterator_ops import Iterator
from tensorflow.python.ops.parsing_ops import parse_single_example_v2 as parse_single_example
# pylint: enable=unused-import

from tensorflow.python.util.all_util import remove_undocumented
Expand Down
17 changes: 17 additions & 0 deletions tensorflow/contrib/data/python/kernel_tests/BUILD
Original file line number Diff line number Diff line change
Expand Up @@ -498,6 +498,23 @@ py_test(
],
)

tf_py_test(
name = "slide_dataset_op_test",
size = "small",
srcs = ["slide_dataset_op_test.py"],
additional_deps = [
"//tensorflow/contrib/data/python/ops:dataset_ops",
"//tensorflow/contrib/data/python/ops:transformation_ops",
"//tensorflow/python:array_ops",
"//tensorflow/python:client_testlib",
"//tensorflow/python:dtypes",
"//tensorflow/python:errors",
"//tensorflow/python:math_ops",
"//tensorflow/python:sparse_tensor",
"//third_party/py/numpy",
],
)

filegroup(
name = "all_files",
srcs = glob(
Expand Down
4 changes: 1 addition & 3 deletions tensorflow/contrib/data/python/kernel_tests/resample_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -45,12 +45,10 @@ def _testDistribution(self, initial_known):
target_dist=target_dist,
initial_dist=initial_dist,
class_func=lambda c, _: c,
seed=27)).make_initializable_iterator())
init_op = iterator.initializer
seed=27)).make_one_shot_iterator())
get_next = iterator.get_next()

with self.test_session() as sess:
sess.run(init_op)
returned = []
with self.assertRaises(errors.OutOfRangeError):
while True:
Expand Down
Loading

0 comments on commit 2d0531d

Please sign in to comment.