I would perhaps s/like JIT// and add another sentence along the lines of, "This may be legitimately required by some programs, such as JIT compilers."

I think you need a P_WEXIT check here as you have below.

What's the point of unlocking the proc at all?

vmspace_acquire_ref() potentially results in the call to vmspace_free()->vmspace_dofree()->VM locking (e.g. sleepable vm map lock take)

I'm concerned by the different sense of the two flags, WXORX being enabled is equivalent to allow_wx=0.

this is why I desire positive sense flags (and why sysctl(9) recommends positive sense): this *_DISABLE flag enables something, which can be confusing

and *_ENABLE_* prevents something

This problem exists no matter what, it's just a question of what you're disabling: the mitigation, or the ability to create writeable, executable mappings. PROC_WXORX_DISABLE and PROC_WXORX_ENABLE_ON_EXEC both clearly refer to the mitigation.

A more explicit naming scheme would be to have PROC_PERMIT_WX_MAPPINGS and PROC_PERMIT_WX_MAPPINGS_ON_EXEC or something similar. That is, instead of referring to the mitigation, refer to the underlying capability. I think I slightly prefer that approach since it's a bit clearer and agrees with the sysctl.