Have you confirmed that the protection from these `vm_region_info_t`s is accurate under Rosetta?
Yeah, it is accurate (in-process, that is, since that is the Rosetta-wrapped version).
Also modern dotnet with `DOTNET_EnableWriteXorExecute=0` hammers this exact use case quite hard and I haven't seen it fail there once.
I think some of the issues in combination with Rosetta and the current write watch implementation are that both Rosetta and Wine are flipping pages back and forth from RX to RW to implement their respective functionality, and Rosetta doing a bit of an imperfect job sometimes in what it reports in the page fault handler.
Creating the vm shadow object here is happening fully on the kernel side of things and is also correctly visible cross-process (unlike Rosetta RWX reporting).