Yet more phys_ram_base elimination.

Signed-off-by: Paul Brook <paul@cofdesourcery.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7067 c046a42c-6fe2-441c-8c8c-71466251a162
diff --git a/hw/nseries.c b/hw/nseries.c
index f69872e..b40004f 100644
--- a/hw/nseries.c
+++ b/hw/nseries.c
@@ -1342,6 +1342,7 @@
 
     if (option_rom[0] && (boot_device[0] == 'n' || !kernel_filename)) {
         int rom_size;
+        uint8_t nolo_tags[0x10000];
         /* No, wait, better start at the ROM.  */
         s->cpu->env->regs[15] = OMAP2_Q2_BASE + 0x400000;
 
@@ -1359,7 +1360,8 @@
                                        sdram_size - 0x400000);
         printf("%i bytes of image loaded\n", rom_size);
 
-        n800_setup_nolo_tags(phys_ram_base + sdram_size);
+        n800_setup_nolo_tags(nolo_tags);
+        cpu_physical_memory_write(OMAP2_SRAM_BASE, nolo_tags, 0x10000);
     }
     /* FIXME: We shouldn't really be doing this here.  The LCD controller
        will set the size once configured, so this just sets an initial
@@ -1412,7 +1414,7 @@
     .name = "n800",
     .desc = "Nokia N800 tablet aka. RX-34 (OMAP2420)",
     .init = n800_init,
-    .ram_require = (0x08000000 + 0x00010000 + OMAP242X_SRAM_SIZE) |
+    .ram_require = (0x08000000 + 0x00018000 + OMAP242X_SRAM_SIZE) |
             RAMSIZE_FIXED,
 };
 
@@ -1420,6 +1422,6 @@
     .name = "n810",
     .desc = "Nokia N810 tablet aka. RX-44 (OMAP2420)",
     .init = n810_init,
-    .ram_require = (0x08000000 + 0x00010000 + OMAP242X_SRAM_SIZE) |
+    .ram_require = (0x08000000 + 0x00018000 + OMAP242X_SRAM_SIZE) |
             RAMSIZE_FIXED,
 };
diff --git a/hw/omap_dss.c b/hw/omap_dss.c
index 67b2b02..4917c59 100644
--- a/hw/omap_dss.c
+++ b/hw/omap_dss.c
@@ -582,25 +582,6 @@
     omap_disc_write,
 };
 
-static void *omap_rfbi_get_buffer(struct omap_dss_s *s)
-{
-    target_phys_addr_t fb;
-    uint32_t pd;
-
-    /* TODO */
-    fb = s->dispc.l[0].addr[0];
-
-    pd = cpu_get_physical_page_desc(fb);
-    if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM)
-        /* TODO */
-        cpu_abort(cpu_single_env, "%s: framebuffer outside RAM!\n",
-                        __FUNCTION__);
-    else
-        return phys_ram_base +
-                (pd & TARGET_PAGE_MASK) +
-                (fb & ~TARGET_PAGE_MASK);
-}
-
 static void omap_rfbi_transfer_stop(struct omap_dss_s *s)
 {
     if (!s->rfbi.busy)
@@ -614,8 +595,11 @@
 static void omap_rfbi_transfer_start(struct omap_dss_s *s)
 {
     void *data;
-    size_t len;
+    target_phys_addr_t len;
+    target_phys_addr_t data_addr;
     int pitch;
+    static void *bounce_buffer;
+    static target_phys_addr_t bounce_len;
 
     if (!s->rfbi.enable || s->rfbi.busy)
         return;
@@ -633,10 +617,24 @@
 
     s->rfbi.busy = 1;
 
-    data = omap_rfbi_get_buffer(s);
+    len = s->rfbi.pixels * 2;
+
+    data_addr = s->dispc.l[0].addr[0];
+    data = cpu_physical_memory_map(data_addr, &len, 0);
+    if (data && len != s->rfbi.pixels * 2) {
+        cpu_physical_memory_unmap(data, len, 0, 0);
+        data = NULL;
+        len = s->rfbi.pixels * 2;
+    }
+    if (!data) {
+        if (len > bounce_len) {
+            bounce_buffer = qemu_realloc(bounce_buffer, len);
+        }
+        data = bounce_buffer;
+        cpu_physical_memory_read(data_addr, data, len);
+    }
 
     /* TODO bpp */
-    len = s->rfbi.pixels * 2;
     s->rfbi.pixels = 0;
 
     /* TODO: negative values */
@@ -647,6 +645,10 @@
     if ((s->rfbi.control & (1 << 3)) && s->rfbi.chip[1])
         s->rfbi.chip[1]->block(s->rfbi.chip[1]->opaque, 1, data, len, pitch);
 
+    if (data != bounce_buffer) {
+        cpu_physical_memory_unmap(data, len, 0, len);
+    }
+
     omap_rfbi_transfer_stop(s);
 
     /* TODO */
diff --git a/hw/onenand.c b/hw/onenand.c
index 510119f..6aacff6 100644
--- a/hw/onenand.c
+++ b/hw/onenand.c
@@ -642,7 +642,7 @@
     s->otp = memset(qemu_malloc((64 + 2) << PAGE_SHIFT),
                     0xff, (64 + 2) << PAGE_SHIFT);
     s->ram = qemu_ram_alloc(0xc000 << s->shift);
-    ram = phys_ram_base + s->ram;
+    ram = qemu_get_ram_ptr(s->ram);
     s->boot[0] = ram + (0x0000 << s->shift);
     s->boot[1] = ram + (0x8000 << s->shift);
     s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift);
diff --git a/hw/pflash_cfi01.c b/hw/pflash_cfi01.c
index e41cf69..9878410 100644
--- a/hw/pflash_cfi01.c
+++ b/hw/pflash_cfi01.c
@@ -519,7 +519,8 @@
 
     pfl = qemu_mallocz(sizeof(pflash_t));
 
-    pfl->storage = phys_ram_base + off;
+    /* FIXME: Allocate ram ourselves.  */
+    pfl->storage = qemu_get_ram_ptr(off);
     pfl->fl_mem = cpu_register_io_memory(0,
                     pflash_read_ops, pflash_write_ops, pfl);
     pfl->off = off;
diff --git a/hw/pflash_cfi02.c b/hw/pflash_cfi02.c
index 1f58211..799398c 100644
--- a/hw/pflash_cfi02.c
+++ b/hw/pflash_cfi02.c
@@ -557,7 +557,8 @@
         return NULL;
 #endif
     pfl = qemu_mallocz(sizeof(pflash_t));
-    pfl->storage = phys_ram_base + off;
+    /* FIXME: Allocate ram ourselves.  */
+    pfl->storage = qemu_get_ram_ptr(off);
     pfl->fl_mem = cpu_register_io_memory(0, pflash_read_ops, pflash_write_ops,
                                          pfl);
     pfl->off = off;
diff --git a/hw/ppc.c b/hw/ppc.c
index b534e39..e9f1724 100644
--- a/hw/ppc.c
+++ b/hw/ppc.c
@@ -1257,7 +1257,7 @@
     NVRAM_set_lword(nvram,  0x3C, kernel_size);
     if (cmdline) {
         /* XXX: put the cmdline in NVRAM too ? */
-        strcpy((char *)(phys_ram_base + CMDLINE_ADDR), cmdline);
+        pstrcpy_targphys(CMDLINE_ADDR, RAM_size - CMDLINE_ADDR, cmdline);
         NVRAM_set_lword(nvram,  0x40, CMDLINE_ADDR);
         NVRAM_set_lword(nvram,  0x44, strlen(cmdline));
     } else {
diff --git a/hw/ppc405.h b/hw/ppc405.h
index eebcef3..a18e948 100644
--- a/hw/ppc405.h
+++ b/hw/ppc405.h
@@ -78,7 +78,7 @@
                          target_phys_addr_t offset, qemu_irq irq,
                          CharDriverState *chr);
 /* On Chip Memory */
-void ppc405_ocm_init (CPUState *env, unsigned long offset);
+void ppc405_ocm_init (CPUState *env);
 /* I2C controller */
 void ppc405_i2c_init (CPUState *env, ppc4xx_mmio_t *mmio,
                       target_phys_addr_t offset, qemu_irq irq);
@@ -91,11 +91,11 @@
 CPUState *ppc405cr_init (target_phys_addr_t ram_bases[4],
                          target_phys_addr_t ram_sizes[4],
                          uint32_t sysclk, qemu_irq **picp,
-                         ram_addr_t *offsetp, int do_init);
+                         int do_init);
 CPUState *ppc405ep_init (target_phys_addr_t ram_bases[2],
                          target_phys_addr_t ram_sizes[2],
                          uint32_t sysclk, qemu_irq **picp,
-                         ram_addr_t *offsetp, int do_init);
+                         int do_init);
 /* IBM STBxxx microcontrollers */
 CPUState *ppc_stb025_init (target_phys_addr_t ram_bases[2],
                            target_phys_addr_t ram_sizes[2],
diff --git a/hw/ppc405_boards.c b/hw/ppc405_boards.c
index 945f095..cded197 100644
--- a/hw/ppc405_boards.c
+++ b/hw/ppc405_boards.c
@@ -192,7 +192,7 @@
     int index;
 
     /* XXX: fix this */
-    ram_bases[0] = 0x00000000;
+    ram_bases[0] = qemu_ram_alloc(0x08000000);
     ram_sizes[0] = 0x08000000;
     ram_bases[1] = 0x00000000;
     ram_sizes[1] = 0x00000000;
@@ -200,25 +200,26 @@
 #ifdef DEBUG_BOARD_INIT
     printf("%s: register cpu\n", __func__);
 #endif
-    env = ppc405ep_init(ram_bases, ram_sizes, 33333333, &pic, &sram_offset,
+    env = ppc405ep_init(ram_bases, ram_sizes, 33333333, &pic,
                         kernel_filename == NULL ? 0 : 1);
     /* allocate SRAM */
+    sram_size = 512 * 1024;
+    sram_offset = qemu_ram_alloc(sram_size);
 #ifdef DEBUG_BOARD_INIT
     printf("%s: register SRAM at offset %08lx\n", __func__, sram_offset);
 #endif
-    sram_size = 512 * 1024;
     cpu_register_physical_memory(0xFFF00000, sram_size,
                                  sram_offset | IO_MEM_RAM);
     /* allocate and load BIOS */
 #ifdef DEBUG_BOARD_INIT
     printf("%s: register BIOS\n", __func__);
 #endif
-    bios_offset = sram_offset + sram_size;
     fl_idx = 0;
 #ifdef USE_FLASH_BIOS
     index = drive_get_index(IF_PFLASH, 0, fl_idx);
     if (index != -1) {
         bios_size = bdrv_getlength(drives_table[index].bdrv);
+        bios_offset = qemu_ram_alloc(bios_size);
         fl_sectors = (bios_size + 65535) >> 16;
 #ifdef DEBUG_BOARD_INIT
         printf("Register parallel flash %d size " ADDRX " at offset %08lx "
@@ -239,7 +240,8 @@
         if (bios_name == NULL)
             bios_name = BIOS_FILENAME;
         snprintf(buf, sizeof(buf), "%s/%s", bios_dir, bios_name);
-        bios_size = load_image(buf, phys_ram_base + bios_offset);
+        bios_offset = qemu_ram_alloc(BIOS_SIZE);
+        bios_size = load_image(buf, qemu_get_ram_ptr(bios_offset));
         if (bios_size < 0 || bios_size > BIOS_SIZE) {
             fprintf(stderr, "qemu: could not load PowerPC bios '%s'\n", buf);
             exit(1);
@@ -248,7 +250,6 @@
         cpu_register_physical_memory((uint32_t)(-bios_size),
                                      bios_size, bios_offset | IO_MEM_ROM);
     }
-    bios_offset += bios_size;
     /* Register FPGA */
 #ifdef DEBUG_BOARD_INIT
     printf("%s: register FPGA\n", __func__);
@@ -294,23 +295,20 @@
         env->gpr[3] = bdloc;
         kernel_base = KERNEL_LOAD_ADDR;
         /* now we can load the kernel */
-        kernel_size = load_image(kernel_filename, phys_ram_base + kernel_base);
+        kernel_size = load_image_targphys(kernel_filename, kernel_base,
+                                          ram_size - kernel_base);
         if (kernel_size < 0) {
             fprintf(stderr, "qemu: could not load kernel '%s'\n",
                     kernel_filename);
             exit(1);
         }
-        printf("Load kernel size " TARGET_FMT_ld " at " TARGET_FMT_lx
-               " %02x %02x %02x %02x\n", kernel_size, kernel_base,
-               *(char *)(phys_ram_base + kernel_base),
-               *(char *)(phys_ram_base + kernel_base + 1),
-               *(char *)(phys_ram_base + kernel_base + 2),
-               *(char *)(phys_ram_base + kernel_base + 3));
+        printf("Load kernel size " TARGET_FMT_ld " at " TARGET_FMT_lx,
+               kernel_size, kernel_base);
         /* load initrd */
         if (initrd_filename) {
             initrd_base = INITRD_LOAD_ADDR;
-            initrd_size = load_image(initrd_filename,
-                                     phys_ram_base + initrd_base);
+            initrd_size = load_image_targphys(initrd_filename, initrd_base,
+                                              ram_size - initrd_base);
             if (initrd_size < 0) {
                 fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
                         initrd_filename);
@@ -326,7 +324,7 @@
         if (kernel_cmdline != NULL) {
             len = strlen(kernel_cmdline);
             bdloc -= ((len + 255) & ~255);
-            memcpy(phys_ram_base + bdloc, kernel_cmdline, len + 1);
+            cpu_physical_memory_write(bdloc, (void *)kernel_cmdline, len + 1);
             env->gpr[6] = bdloc;
             env->gpr[7] = bdloc + len;
         } else {
@@ -344,8 +342,7 @@
 #ifdef DEBUG_BOARD_INIT
     printf("%s: Done\n", __func__);
 #endif
-    printf("bdloc %016lx %s\n",
-           (unsigned long)bdloc, (char *)(phys_ram_base + bdloc));
+    printf("bdloc %016lx\n", (unsigned long)bdloc);
 }
 
 QEMUMachine ref405ep_machine = {
@@ -511,14 +508,14 @@
     int index;
 
     /* RAM is soldered to the board so the size cannot be changed */
-    ram_bases[0] = 0x00000000;
+    ram_bases[0] = qemu_ram_alloc(0x04000000);
     ram_sizes[0] = 0x04000000;
-    ram_bases[1] = 0x04000000;
+    ram_bases[1] = qemu_ram_alloc(0x04000000);
     ram_sizes[1] = 0x04000000;
 #ifdef DEBUG_BOARD_INIT
     printf("%s: register cpu\n", __func__);
 #endif
-    env = ppc405ep_init(ram_bases, ram_sizes, 33333333, &pic, &bios_offset,
+    env = ppc405ep_init(ram_bases, ram_sizes, 33333333, &pic,
                         kernel_filename == NULL ? 0 : 1);
     /* allocate and load BIOS */
 #ifdef DEBUG_BOARD_INIT
@@ -532,6 +529,7 @@
         /* XXX: should check that size is 2MB */
         //        bios_size = 2 * 1024 * 1024;
         fl_sectors = (bios_size + 65535) >> 16;
+        bios_offset = qemu_ram_alloc(bios_size);
 #ifdef DEBUG_BOARD_INIT
         printf("Register parallel flash %d size " ADDRX " at offset %08lx "
                " addr " ADDRX " '%s' %d\n",
@@ -550,8 +548,9 @@
 #endif
         if (bios_name == NULL)
             bios_name = BIOS_FILENAME;
+        bios_offset = qemu_ram_alloc(BIOS_SIZE);
         snprintf(buf, sizeof(buf), "%s/%s", bios_dir, bios_name);
-        bios_size = load_image(buf, phys_ram_base + bios_offset);
+        bios_size = load_image(buf, qemu_get_ram_ptr(bios_offset));
         if (bios_size < 0 || bios_size > BIOS_SIZE) {
             fprintf(stderr, "qemu: could not load PowerPC bios '%s'\n", buf);
             exit(1);
@@ -560,7 +559,6 @@
         cpu_register_physical_memory((uint32_t)(-bios_size),
                                      bios_size, bios_offset | IO_MEM_ROM);
     }
-    bios_offset += bios_size;
     /* Register Linux flash */
     index = drive_get_index(IF_PFLASH, 0, fl_idx);
     if (index != -1) {
@@ -574,6 +572,7 @@
                fl_idx, bios_size, bios_offset, (target_ulong)0xfc000000,
                bdrv_get_device_name(drives_table[index].bdrv));
 #endif
+        bios_offset = qemu_ram_alloc(bios_size);
         pflash_cfi02_register(0xfc000000, bios_offset,
                               drives_table[index].bdrv, 65536, fl_sectors, 1,
                               4, 0x0001, 0x22DA, 0x0000, 0x0000, 0x555, 0x2AA);
@@ -592,7 +591,8 @@
 #endif
         kernel_base = KERNEL_LOAD_ADDR;
         /* now we can load the kernel */
-        kernel_size = load_image(kernel_filename, phys_ram_base + kernel_base);
+        kernel_size = load_image_targphys(kernel_filename, kernel_base,
+                                          ram_size - kernel_base);
         if (kernel_size < 0) {
             fprintf(stderr, "qemu: could not load kernel '%s'\n",
                     kernel_filename);
@@ -601,8 +601,8 @@
         /* load initrd */
         if (initrd_filename) {
             initrd_base = INITRD_LOAD_ADDR;
-            initrd_size = load_image(initrd_filename,
-                                     phys_ram_base + initrd_base);
+            initrd_size = load_image_targphys(initrd_filename, initrd_base,
+                                              ram_size - initrd_base);
             if (initrd_size < 0) {
                 fprintf(stderr,
                         "qemu: could not load initial ram disk '%s'\n",
diff --git a/hw/ppc405_uc.c b/hw/ppc405_uc.c
index 79a951e..dfe1905 100644
--- a/hw/ppc405_uc.c
+++ b/hw/ppc405_uc.c
@@ -51,38 +51,38 @@
         bdloc = 0x01000000UL - sizeof(struct ppc4xx_bd_info_t);
     else
         bdloc = bd->bi_memsize - sizeof(struct ppc4xx_bd_info_t);
-    stl_raw(phys_ram_base + bdloc + 0x00, bd->bi_memstart);
-    stl_raw(phys_ram_base + bdloc + 0x04, bd->bi_memsize);
-    stl_raw(phys_ram_base + bdloc + 0x08, bd->bi_flashstart);
-    stl_raw(phys_ram_base + bdloc + 0x0C, bd->bi_flashsize);
-    stl_raw(phys_ram_base + bdloc + 0x10, bd->bi_flashoffset);
-    stl_raw(phys_ram_base + bdloc + 0x14, bd->bi_sramstart);
-    stl_raw(phys_ram_base + bdloc + 0x18, bd->bi_sramsize);
-    stl_raw(phys_ram_base + bdloc + 0x1C, bd->bi_bootflags);
-    stl_raw(phys_ram_base + bdloc + 0x20, bd->bi_ipaddr);
+    stl_phys(bdloc + 0x00, bd->bi_memstart);
+    stl_phys(bdloc + 0x04, bd->bi_memsize);
+    stl_phys(bdloc + 0x08, bd->bi_flashstart);
+    stl_phys(bdloc + 0x0C, bd->bi_flashsize);
+    stl_phys(bdloc + 0x10, bd->bi_flashoffset);
+    stl_phys(bdloc + 0x14, bd->bi_sramstart);
+    stl_phys(bdloc + 0x18, bd->bi_sramsize);
+    stl_phys(bdloc + 0x1C, bd->bi_bootflags);
+    stl_phys(bdloc + 0x20, bd->bi_ipaddr);
     for (i = 0; i < 6; i++)
-        stb_raw(phys_ram_base + bdloc + 0x24 + i, bd->bi_enetaddr[i]);
-    stw_raw(phys_ram_base + bdloc + 0x2A, bd->bi_ethspeed);
-    stl_raw(phys_ram_base + bdloc + 0x2C, bd->bi_intfreq);
-    stl_raw(phys_ram_base + bdloc + 0x30, bd->bi_busfreq);
-    stl_raw(phys_ram_base + bdloc + 0x34, bd->bi_baudrate);
+        stb_phys(bdloc + 0x24 + i, bd->bi_enetaddr[i]);
+    stw_phys(bdloc + 0x2A, bd->bi_ethspeed);
+    stl_phys(bdloc + 0x2C, bd->bi_intfreq);
+    stl_phys(bdloc + 0x30, bd->bi_busfreq);
+    stl_phys(bdloc + 0x34, bd->bi_baudrate);
     for (i = 0; i < 4; i++)
-        stb_raw(phys_ram_base + bdloc + 0x38 + i, bd->bi_s_version[i]);
+        stb_phys(bdloc + 0x38 + i, bd->bi_s_version[i]);
     for (i = 0; i < 32; i++)
-        stb_raw(phys_ram_base + bdloc + 0x3C + i, bd->bi_s_version[i]);
-    stl_raw(phys_ram_base + bdloc + 0x5C, bd->bi_plb_busfreq);
-    stl_raw(phys_ram_base + bdloc + 0x60, bd->bi_pci_busfreq);
+        stb_phys(bdloc + 0x3C + i, bd->bi_s_version[i]);
+    stl_phys(bdloc + 0x5C, bd->bi_plb_busfreq);
+    stl_phys(bdloc + 0x60, bd->bi_pci_busfreq);
     for (i = 0; i < 6; i++)
-        stb_raw(phys_ram_base + bdloc + 0x64 + i, bd->bi_pci_enetaddr[i]);
+        stb_phys(bdloc + 0x64 + i, bd->bi_pci_enetaddr[i]);
     n = 0x6A;
     if (flags & 0x00000001) {
         for (i = 0; i < 6; i++)
-            stb_raw(phys_ram_base + bdloc + n++, bd->bi_pci_enetaddr2[i]);
+            stb_phys(bdloc + n++, bd->bi_pci_enetaddr2[i]);
     }
-    stl_raw(phys_ram_base + bdloc + n, bd->bi_opbfreq);
+    stl_phys(bdloc + n, bd->bi_opbfreq);
     n += 4;
     for (i = 0; i < 2; i++) {
-        stl_raw(phys_ram_base + bdloc + n, bd->bi_iic_fast[i]);
+        stl_phys(bdloc + n, bd->bi_iic_fast[i]);
         n += 4;
     }
 
@@ -1021,12 +1021,12 @@
     ocm->dsacntl = dsacntl;
 }
 
-void ppc405_ocm_init (CPUState *env, unsigned long offset)
+void ppc405_ocm_init (CPUState *env)
 {
     ppc405_ocm_t *ocm;
 
     ocm = qemu_mallocz(sizeof(ppc405_ocm_t));
-    ocm->offset = offset;
+    ocm->offset = qemu_ram_alloc(4096);
     ocm_reset(ocm);
     qemu_register_reset(&ocm_reset, ocm);
     ppc_dcr_register(env, OCM0_ISARC,
@@ -2178,15 +2178,13 @@
 CPUState *ppc405cr_init (target_phys_addr_t ram_bases[4],
                          target_phys_addr_t ram_sizes[4],
                          uint32_t sysclk, qemu_irq **picp,
-                         ram_addr_t *offsetp, int do_init)
+                         int do_init)
 {
     clk_setup_t clk_setup[PPC405CR_CLK_NB];
     qemu_irq dma_irqs[4];
     CPUState *env;
     ppc4xx_mmio_t *mmio;
     qemu_irq *pic, *irqs;
-    ram_addr_t offset;
-    int i;
 
     memset(clk_setup, 0, sizeof(clk_setup));
     env = ppc4xx_init("405cr", &clk_setup[PPC405CR_CPU_CLK],
@@ -2209,9 +2207,6 @@
     *picp = pic;
     /* SDRAM controller */
     ppc4xx_sdram_init(env, pic[14], 1, ram_bases, ram_sizes, do_init);
-    offset = 0;
-    for (i = 0; i < 4; i++)
-        offset += ram_sizes[i];
     /* External bus controller */
     ppc405_ebc_init(env);
     /* DMA controller */
@@ -2233,7 +2228,6 @@
     ppc405_gpio_init(env, mmio, 0x700);
     /* CPU control */
     ppc405cr_cpc_init(env, clk_setup, sysclk);
-    *offsetp = offset;
 
     return env;
 }
@@ -2529,15 +2523,13 @@
 CPUState *ppc405ep_init (target_phys_addr_t ram_bases[2],
                          target_phys_addr_t ram_sizes[2],
                          uint32_t sysclk, qemu_irq **picp,
-                         ram_addr_t *offsetp, int do_init)
+                         int do_init)
 {
     clk_setup_t clk_setup[PPC405EP_CLK_NB], tlb_clk_setup;
     qemu_irq dma_irqs[4], gpt_irqs[5], mal_irqs[4];
     CPUState *env;
     ppc4xx_mmio_t *mmio;
     qemu_irq *pic, *irqs;
-    ram_addr_t offset;
-    int i;
 
     memset(clk_setup, 0, sizeof(clk_setup));
     /* init CPUs */
@@ -2565,9 +2557,6 @@
     /* SDRAM controller */
 	/* XXX 405EP has no ECC interrupt */
     ppc4xx_sdram_init(env, pic[17], 2, ram_bases, ram_sizes, do_init);
-    offset = 0;
-    for (i = 0; i < 2; i++)
-        offset += ram_sizes[i];
     /* External bus controller */
     ppc405_ebc_init(env);
     /* DMA controller */
@@ -2588,8 +2577,7 @@
         ppc405_serial_init(env, mmio, 0x400, pic[1], serial_hds[1]);
     }
     /* OCM */
-    ppc405_ocm_init(env, ram_sizes[0] + ram_sizes[1]);
-    offset += 4096;
+    ppc405_ocm_init(env);
     /* GPT */
     gpt_irqs[0] = pic[19];
     gpt_irqs[1] = pic[20];
@@ -2609,7 +2597,6 @@
     /* Uses pic[9], pic[15], pic[17] */
     /* CPU control */
     ppc405ep_cpc_init(env, clk_setup, sysclk);
-    *offsetp = offset;
 
     return env;
 }
diff --git a/hw/ppc4xx_devs.c b/hw/ppc4xx_devs.c
index c02cebf..ddee8f6 100644
--- a/hw/ppc4xx_devs.c
+++ b/hw/ppc4xx_devs.c
@@ -855,7 +855,7 @@
                                target_phys_addr_t ram_sizes[],
                                const unsigned int sdram_bank_sizes[])
 {
-    ram_addr_t ram_end = 0;
+    ram_addr_t size_left = ram_size;
     int i;
     int j;
 
@@ -863,24 +863,24 @@
         for (j = 0; sdram_bank_sizes[j] != 0; j++) {
             unsigned int bank_size = sdram_bank_sizes[j];
 
-            if (bank_size <= ram_size) {
-                ram_bases[i] = ram_end;
+            if (bank_size <= size_left) {
+                ram_bases[i] = qemu_ram_alloc(bank_size);
                 ram_sizes[i] = bank_size;
-                ram_end += bank_size;
-                ram_size -= bank_size;
+                size_left -= bank_size;
                 break;
             }
         }
 
-        if (!ram_size) {
+        if (!size_left) {
             /* No need to use the remaining banks. */
             break;
         }
     }
 
+    ram_size -= size_left;
     if (ram_size)
         printf("Truncating memory to %d MiB to fit SDRAM controller limits.\n",
-               (int)(ram_end >> 20));
+               (int)(ram_size >> 20));
 
-    return ram_end;
+    return ram_size;
 }
diff --git a/hw/soc_dma.h b/hw/soc_dma.h
index 47bc4ea..34b01d9 100644
--- a/hw/soc_dma.h
+++ b/hw/soc_dma.h
@@ -110,5 +110,5 @@
 static inline void soc_dma_port_add_mem_ram(struct soc_dma_s *dma,
                 ram_addr_t offset, target_phys_addr_t virt_base, size_t size)
 {
-    return soc_dma_port_add_mem(dma, phys_ram_base + offset, virt_base, size);
+    return soc_dma_port_add_mem(dma, qemu_get_ram_ptr(offset), virt_base, size);
 }
diff --git a/hw/virtio-balloon.c b/hw/virtio-balloon.c
index 0274bf6..079f498 100644
--- a/hw/virtio-balloon.c
+++ b/hw/virtio-balloon.c
@@ -94,7 +94,9 @@
             if ((addr & ~TARGET_PAGE_MASK) != IO_MEM_RAM)
                 continue;
 
-            balloon_page(phys_ram_base + addr, !!(vq == s->dvq));
+            /* Using qemu_get_ram_ptr is bending the rules a bit, but
+               should be OK because we only want a single page.  */
+            balloon_page(qemu_get_ram_ptr(addr), !!(vq == s->dvq));
         }
 
         virtqueue_push(vq, &elem, offset);