diff --git a/device_tree.c b/device_tree.c
index 4fc078159..e213323dc 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -25,34 +25,35 @@
 
 #include <libfdt.h>
 
-void *load_device_tree(const char *filename_path, void *load_addr)
+void *load_device_tree(const char *filename_path, int *sizep)
 {
-    int dt_file_size;
+    int dt_size;
     int dt_file_load_size;
     int new_dt_size;
     int ret;
-    void *dt_file = NULL;
-    void *fdt;
+    void *fdt = NULL;
 
-    dt_file_size = get_image_size(filename_path);
-    if (dt_file_size < 0) {
+    *sizep = 0;
+    dt_size = get_image_size(filename_path);
+    if (dt_size < 0) {
         printf("Unable to get size of device tree file '%s'\n",
             filename_path);
         goto fail;
     }
 
+    /* Expand to 2x size to give enough room for manipulation.  */
+    dt_size *= 2;
     /* First allocate space in qemu for device tree */
-    dt_file = qemu_mallocz(dt_file_size);
+    fdt = qemu_mallocz(dt_size);
 
-    dt_file_load_size = load_image(filename_path, dt_file);
+    dt_file_load_size = load_image(filename_path, fdt);
+    if (dt_file_load_size < 0) {
+        printf("Unable to open device tree file '%s'\n",
+               filename_path);
+        goto fail;
+    }
 
-    /* Second we place new copy of 2x size in guest memory
-     * This give us enough room for manipulation.
-     */
-    new_dt_size = dt_file_size * 2;
-
-    fdt = load_addr;
-    ret = fdt_open_into(dt_file, fdt, new_dt_size);
+    ret = fdt_open_into(fdt, fdt, dt_size);
     if (ret) {
         printf("Unable to copy device tree in memory\n");
         goto fail;
@@ -64,12 +65,11 @@ void *load_device_tree(const char *filename_path, void *load_addr)
             filename_path);
         goto fail;
     }
-    /* free qemu memory with old device tree */
-    qemu_free(dt_file);
+    *sizep = dt_size;
     return fdt;
 
 fail:
-    qemu_free(dt_file);
+    qemu_free(fdt);
     return NULL;
 }
 
diff --git a/device_tree.h b/device_tree.h
index 9e6ef3d8e..f05c4e731 100644
--- a/device_tree.h
+++ b/device_tree.h
@@ -14,7 +14,7 @@
 #ifndef __DEVICE_TREE_H__
 #define __DEVICE_TREE_H__
 
-void *load_device_tree(const char *filename_path, void *load_addr);
+void *load_device_tree(const char *filename_path, int *sizep);
 
 int qemu_devtree_setprop(void *fdt, const char *node_path,
                          const char *property, uint32_t *val_array, int size);
diff --git a/hw/ppc440_bamboo.c b/hw/ppc440_bamboo.c
index c407b1863..b249e00c6 100644
--- a/hw/ppc440_bamboo.c
+++ b/hw/ppc440_bamboo.c
@@ -27,7 +27,7 @@
 
 #define BINARY_DEVICE_TREE_FILE "bamboo.dtb"
 
-static void *bamboo_load_device_tree(void *addr,
+static void *bamboo_load_device_tree(target_phys_addr_t addr,
                                      uint32_t ramsize,
                                      target_phys_addr_t initrd_base,
                                      target_phys_addr_t initrd_size,
@@ -37,6 +37,7 @@ static void *bamboo_load_device_tree(void *addr,
 #ifdef HAVE_FDT
     uint32_t mem_reg_property[] = { 0, 0, ramsize };
     char *path;
+    int fdt_size;
     int pathlen;
     int ret;
 
@@ -45,7 +46,7 @@ static void *bamboo_load_device_tree(void *addr,
 
     snprintf(path, pathlen, "%s/%s", bios_dir, BINARY_DEVICE_TREE_FILE);
 
-    fdt = load_device_tree(path, addr);
+    fdt = load_device_tree(path, &fdt_size);
     free(path);
     if (fdt == NULL)
         goto out;
@@ -75,6 +76,8 @@ static void *bamboo_load_device_tree(void *addr,
     if (kvm_enabled())
         kvmppc_fdt_update(fdt);
 
+    cpu_physical_memory_write (addr, (void *)fdt, fdt_size);
+
 out:
 #endif
 
@@ -165,7 +168,7 @@ static void bamboo_init(ram_addr_t ram_size, int vga_ram_size,
         else
             dt_base = kernel_size + loadaddr;
 
-        fdt = bamboo_load_device_tree(phys_ram_base + dt_base, ram_size,
+        fdt = bamboo_load_device_tree(dt_base, ram_size,
                                       initrd_base, initrd_size, kernel_cmdline);
         if (fdt == NULL) {
             fprintf(stderr, "couldn't load device tree\n");
diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 868dd90c0..50ad8149e 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -71,7 +71,7 @@ out:
 }
 #endif
 
-static void *mpc8544_load_device_tree(void *addr,
+static void *mpc8544_load_device_tree(target_phys_addr_t addr,
                                      uint32_t ramsize,
                                      target_phys_addr_t initrd_base,
                                      target_phys_addr_t initrd_size,
@@ -81,6 +81,7 @@ static void *mpc8544_load_device_tree(void *addr,
 #ifdef HAVE_FDT
     uint32_t mem_reg_property[] = {0, ramsize};
     char *path;
+    int fdt_size;
     int pathlen;
     int ret;
 
@@ -89,7 +90,7 @@ static void *mpc8544_load_device_tree(void *addr,
 
     snprintf(path, pathlen, "%s/%s", bios_dir, BINARY_DEVICE_TREE_FILE);
 
-    fdt = load_device_tree(path, addr);
+    fdt = load_device_tree(path, &fdt_size);
     qemu_free(path);
     if (fdt == NULL)
         goto out;
@@ -142,6 +143,8 @@ static void *mpc8544_load_device_tree(void *addr,
         mpc8544_copy_soc_cell(fdt, buf, "timebase-frequency");
     }
 
+    cpu_physical_memory_write (addr, (void *)fdt, fdt_size);
+
 out:
 #endif
 
@@ -259,7 +262,7 @@ static void mpc8544ds_init(ram_addr_t ram_size, int vga_ram_size,
 
     /* If we're loading a kernel directly, we must load the device tree too. */
     if (kernel_filename) {
-        fdt = mpc8544_load_device_tree(phys_ram_base + dt_base, ram_size,
+        fdt = mpc8544_load_device_tree(dt_base, ram_size,
                                       initrd_base, initrd_size, kernel_cmdline);
         if (fdt == NULL) {
             fprintf(stderr, "couldn't load device tree\n");