This thread started with "gaping security hole" and I'm still not seeing that. Yes, if someone has a PCIe design that can exploit the root complex of the host, and if they have a way to remotely deploy it to an FPGA through this new kernel interface, then yes, that's an interesting new attack. Those are some big ifs though, I think.