I have one GPU. Sometimes I want to play a Windows game. I did not want to dual-boot, and I refuse to keep a second machine just for it. So the GPU has to go into a Windows VM on demand, and come back to Linux when I close the VM.

This is called single-GPU passthrough. It is a real solution. It is also, depending on your desktop, more work than dual-booting. Here is what it actually costs and where I ended up.

What handing it over looks like#

The Linux kernel has a subsystem called VFIO. VFIO takes a PCI device away from its normal driver (the nvidia or amdgpu kernel module), exposes its MMIO regions to userspace, and lets a userspace process (in this case, QEMU) drive it directly. The guest sees the GPU exactly as if it were physical.

The dance, at VM startup:

  1. Inhibit host sleep so the screen does not blank mid-transition.
  2. Stop the display manager.
  3. Unbind the virtual terminal consoles from the GPU framebuffer.
  4. Unbind the firmware framebuffer (modern kernels: simpledrm; older: efifb).
  5. Unload the userspace GPU driver stack (nvidia, nvidia_modeset, nvidia_drm, nvidia_uvm, or amdgpu).
  6. Bind the GPU's PCI BDFs to vfio-pci.
  7. Constrain host workload to a few housekeeping cores via cgroup v2.
  8. Free host RAM. Drop caches, SIGSTOP heavy processes so their memory stays allocated but they do not contend.
  9. Allocate 2M transparent hugepages for the VM's memory backing.
  10. Start QEMU.

On VM shutdown, in reverse: undo every step. Unbind from VFIO, reload the GPU kernel module, rebind the framebuffer, start the display manager, release the housekeeping cores.

Libvirt has a hook mechanism that runs a shell script for each transition. About 200 lines if you are honest. Three times that if you want it to recover gracefully from every possible failure on every step.

What "you get it back" actually means#

The part the videos do not show.

The display manager (sddm in my case) is killed cleanly and restarted on VM shutdown. The X server or Wayland compositor comes back. Your desktop session does not.

Plasma 6.7's session management protocol restores window geometry when an application is launched in the next session. It does not restore an in-flight session that lost its compositor mid-air. Open browser tabs survive because Firefox saves session state. The text editor survives because Kate saves session state. The terminal multiplexer survives because tmux is a separate daemon. Anything relying on the running Plasma session to be the same Plasma session ten seconds from now does not survive.

That includes:

  • Pinned terminal positions on virtual desktops
  • The state of any unsaved file in any app that does not autosave
  • The clipboard history (KDE's klipper daemon dies with the session)
  • Connected Bluetooth devices that paired against the previous session
  • The current kwin workspace topology if you had custom rules

You learn to save everything before pressing Start VM. You learn faster than you would like.

The two paths that work#

Honest comparison after months of running this.

Single-GPU passthrough. The constrained-hardware path. Works. Defeats most anti-cheats (Vanguard, FACEIT, EAC, BattlEye) with the right combination of spoofing tiers and TPM 2.0 passthrough. Loses your desktop every time you start a game. About 200 lines of hook script. About forty hours of getting the script reliable.

iGPU + dGPU. Use a Ryzen 5/7/8000G/9000 APU, or a non-F Intel SKU, with an integrated GPU. The iGPU drives the Linux desktop. The dGPU sits idle until a VM starts, at which point VFIO grabs it without taking your display away. The desktop survives. Plasma survives. The hook script shrinks to forty lines. Anti-cheat ceiling is the same.

Looking back, I should have spent the cost of many evenings figuring out single-GPU on an APU instead. The APU costs $100 to $150 more than the F-suffix equivalent. The hours add up faster than the dollars.

If you are reading this and you have not bought the CPU yet, get the iGPU. The marginal cost is small. The marginal sanity is enormous.

The reset bugs#

Two GPU families have a function-level reset bug that affects passthrough. After the VM shuts down, the GPU is not in a state that the kernel's nvidia or amdgpu driver can pick back up. The host has to be rebooted to use the GPU again on Linux.

  • RTX 50 (Blackwell): NVIDIA confirmed the bug. One VM run per host boot. No clean workaround.
  • RX 7000 (RDNA3): AMD officially does not support PCI passthrough on the 7900 XTX. Reset is broken. The vendor-reset kernel module fixes some 6000-series cards but not 7000.

Both work fine in a two-GPU host where you never bring the dGPU back to Linux. They break specifically the single-GPU hand-back use case.

If you are passthrough-curious in 2026: RTX 30/40 and RX 6000/9000 are the safe brackets. Avoid RTX 50 unless you are committed to the reboot-after-each-VM workflow.

What I actually do now#

APU host with a discrete card next to it. The iGPU runs Plasma. The dGPU runs VFIO when I want it to. My script is short. My desktop survives. My anti-cheat ceiling is the same as it would be with single-GPU.

The single-GPU writeup is still in my notes because the techniques transfer. PCI BDF hunting, IOMMU group inspection, framebuffer driver unbinding, OVMF spoofing, TPM 2.0 EK chain passthrough are all the same on either layout. The only thing that changes is whether you keep your desktop.

If your constraint is one GPU, one slot, and you cannot change that, the single-GPU path works. Mine is in the notes for anyone with the same constraint. If your constraint is anything looser, get the APU. Future you will thank present you for the boring purchase.