Write xor Execute (W^X) is a policy that a block (page) of memory cannot be marked as both writeable and executable at the same time.
What attacks does W^X prevent, with and without the following:
W^X and "Once-writable, never executable" are both sub-cases of DEP. DEP is about making read accesses, and execution accesses, distinct (a writable page is also a readable page). W^X is about using DEP to enforce a specific policy, which is that a given page can never be writable and executable at the same time.
Compliance to the W^X policy can be required from the programmer because writing "data" and then executing it reliably entails flushing some caches, which is an explicit and expensive operation. Going through the kernel (with a mprotect() call) is not a hard way to do that. On the other hand, forcing the programmer to do such things explicitly means that it will not happen in other situations, namely when an attacker tries to exploit a buffer overflow. This is a generalization of the "stack is not executable" feature. (The buffer overflow is still there, though; W^X just makes life harder for the attacker.)
The "once-writable, never executable" policy looks suspicious to me: it is incompatible with JIT compilers. Anyway, it would be a sub-case of W^X: like W^X, in which the transition W->X is forbidden.
