there was a off by one error when reading the end of the 1mb range causing it to
return bad offset/count. code changed to also allow write access to the vga
framebuffers (0xa0000-0xaffff) and (0xb0000-0xbffff) so realemu can propery
switch to text mode and clear the framebuffer.

Reference: /n/sources/patch/applied/realmodemem-vgamem
Date: Sun Mar  6 06:01:13 CET 2011
Signed-off-by: cinap_lenrek@gmx.de

--- /sys/src/9/pc/realmode.c	Sun Mar  6 05:57:36 2011
+++ /sys/src/9/pc/realmode.c	Mon Mar  7 23:22:11 2011
@@ -100,19 +100,24 @@
 static long
 rmemrw(int isr, void *a, long n, vlong off)
 {
-	if(off >= 1024*1024 || off+n >= 1024*1024)
-		return 0;
-	if(off < 0 || n < 0)
-		error("bad offset/count");
-	if(isr)
+	if(isr){
+		if(off >= MB)
+			return 0;
+		if(off+n >= MB)
+			n = MB - off;
 		memmove(a, KADDR((ulong)off), n);
-	else{
-		/* writes are more restricted */
-		if(LORMBUF <= off && off < LORMBUF+BY2PG
-		&& off+n <= LORMBUF+BY2PG)
-			{}
-		else
+	}else{
+		for(;;){
+			if(off < MB && off+n <= MB){
+				/* realmode buffer page */
+				if(off >= LORMBUF && off+n <= LORMBUF+BY2PG)
+					break;
+				/* allow access to vga framebuffers */
+				if(off >= 0xA0000 && off+n <= 0xB0000+0x10000)
+					break;
+			}
 			error("bad offset/count in write");
+		}
 		memmove(KADDR((ulong)off), a, n);
 	}
 	return n;