fix(VMM): use correct APTable encoding for table descriptors

fix(VMM): use correct APTable encoding for table descriptors

fix(vmm): changed flags to match ARMv8

Kernel/Source/VM/VMM.c

@@ -38,7 +38,11 @@ static inline Address* GetOrAllocateTable(Address* parentTable, Size index, UInt
         return newTableVirt;
     }
 
-    parentTable[index] |= (flags & kPTEUser);
+    // if user access requested, clear APTable bit to allow EL0 table walk.
+    // otherwise leave APTable as-is (kernel-only tables keep kPTETableNoEL0).
+    if (flags & kPTEUser) {
+        parentTable[index] &= ~kPTETableNoEL0;
+    }
 
     Address physAddress = GetPTEAddress(parentTable[index]);
     return GetVirtualTable(physAddress);
@@ -83,7 +87,13 @@ Address* VMMMapPage(Address* l0Table, Address phys, Address virt, UInt64 flags)
     Address* l0Virt = l0Table;
     if (isInitialized) l0Virt = (Address*)VMPhysToHHDM((Address)l0Table);
 
-    UInt64 directoryFlags = kPTEValid | kPTETable | (flags & kPTEUser);
+    // build directory flags for table descriptors
+    // APTable=01 (kPTETableNoEL0) blocks EL0 entirely - used for kernel-only subtrees.
+    // APTable=00 allows EL0 access by leaf page permissions - used for user mappings.
+    UInt64 directoryFlags = kPTEValid | kPTETable;
+    if (!(flags & kPTEUser)) {
+        directoryFlags |= kPTETableNoEL0;
+    }
 
     Address* l1Virt = GetOrAllocateTable(l0Virt, l0Index, flags, directoryFlags);
     if (!l1Virt) return nullptr;