[krupan]

Any PCIe device you plug into your computer has the same potential to do something nefarious. We already have problems where no two PCIe implementations interpret the spec the exact same way and they all have bugs. What you are hypothesizing isn't anything new.

[davrosthedalek]

The difference is that you don't need physical access anymore. You can convert a "good" device into a "bad" device via software.

[krupan]

This thread started with "gaping security hole" and I'm still not seeing that. Yes, if someone has a PCIe design that can exploit the root complex of the host, and if they have a way to remotely deploy it to an FPGA through this new kernel interface, then yes, that's an interesting new attack. Those are some big ifs though, I think.