diff --git a/xpm/core/xpm_security_hooks.c b/xpm/core/xpm_security_hooks.c
index 5fe5b37757acce3295cc8190221bfc48bbba040c..288ede30433e28ac8d4b7cb2d28b1ea9ec3c2e32 100644
--- a/xpm/core/xpm_security_hooks.c
+++ b/xpm/core/xpm_security_hooks.c
@@ -303,14 +303,21 @@ static int xpm_check_prot(struct vm_area_struct *vma, unsigned long prot)
 /* check for xpm region vma prot */
 if (vma->vm_flags & VM_XPM) {
- if (is_anon || (prot & PROT_EXEC)) {
- xpm_log_error("xpm region mmap not allow anonymous or exec permission");
+ if (is_anon) {
+ vma->vm_flags &= ~VM_XPM;
+ goto next_check;
+ }
+
+ if ((prot & PROT_WRITE) || (prot & PROT_EXEC)) {
+ xpm_log_error("xpm region mmap not allow write or exec permission");
+ report_mmap_event("xpm_check", TYPE_ABC, vma, prot);
 return -EPERM;
 }
 return 0;
 }
+next_check:
 /* check for anonymous vma prot, anonymous executable permission need
 * controled by selinux */
diff --git a/xpm/validator/exec_signature_info.c b/xpm/validator/exec_signature_info.c
index 9c02c4ffaf60bb70b26367b4ac2e1c0644e99609..2d0f02e2462ce53c7a7cf9e60e15b7b29b9a4a0b 100644
--- a/xpm/validator/exec_signature_info.c
+++ b/xpm/validator/exec_signature_info.c
@@ -486,13 +486,15 @@ static void insert_new_signature_info(struct inode *file_node, int type,
 RB_CLEAR_NODE(&new_info->rb_node);
 if ((*old_info) != NULL) {
 write_lock(verity->lock);
- rb_erase_node(verity->root, verity->node_count, *old_info);
- (*old_info)->type |= FILE_SIGNATURE_DELETE;
- write_unlock(verity->lock);
- if (atomic_sub_return(1, &(*old_info)->reference) <= 0) {
- kfree(*old_info);
- *old_info = NULL;
+ if ((*old_info) != NULL) {
+ if (atomic_sub_return(1, &(*old_info)->reference) <= 0) {
+ rb_erase_node(verity->root, verity->node_count, *old_info);
+ (*old_info)->type |= FILE_SIGNATURE_DELETE;
+ kfree(*old_info);
+ *old_info = NULL;
+ }
 }
+ write_unlock(verity->lock);
 }
 write_lock(verity->lock);
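Review bot: The new `is_anon` branch in xpm_check_prot turns a check hook into one with a side effect — it clears VM_XPM on `vma->vm_flags` and falls through to the anonymous-vma rules via `goto next_check`, where the removed condition rejected the same mapping with -EPERM and logged it — and nothing in the hunk explains why an anonymous VMA can carry VM_XPM or why silently downgrading it is acceptable; add a comment such as `/* anonymous mapping cannot be an xpm region: drop the flag and apply the anonymous-vma rules below */` and a debug-level log so the downgrade stays visible, since the error path now reports through `report_mmap_event` but the downgrade path leaves no trace. Whether writing `vma->vm_flags` directly is safe here depends on the lock the caller holds, which this hunk does not show. Refusing PROT_WRITE is also new relative to the removed `is_anon || (prot & PROT_EXEC)` test and deserves a sentence in the same comment. The condition reads more simply as `if (prot & (PROT_WRITE | PROT_EXEC)) {`. `is_anon` is presumably computed earlier in the function, and xpm_check_prot continues past the hunk.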
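Review bot: When `atomic_sub_return` does not reach zero, the new block in insert_new_signature_info leaves `*old_info` linked in the tree and without FILE_SIGNATURE_DELETE, whereas the removed lines always unlinked and marked it and only deferred the kfree; unless the reference-put path unlinks a still-linked node (not visible here), the stale entry remains in the tree after new_info is inserted below, so a later lookup may keep returning the superseded signature info. The inner `if ((*old_info) != NULL)` repeats the enclosing condition, which nothing in between changes, and can go. I would keep the unlink and the mark unconditional under the write lock and make only the free depend on the count reaching zero, as sketched below. The `<= 0` test also hides a refcount underflow; `== 0` with a WARN_ON on a negative result would surface it. insert_new_signature_info starts and ends outside the hunk.

```c
	if ((*old_info) != NULL) {
		write_lock(verity->lock);
		/* unlink and mark unconditionally; only the free waits for the last reference */
		rb_erase_node(verity->root, verity->node_count, *old_info);
		(*old_info)->type |= FILE_SIGNATURE_DELETE;
		if (atomic_sub_return(1, &(*old_info)->reference) <= 0) {
			kfree(*old_info);
			*old_info = NULL;
		}
		write_unlock(verity->lock);
	}
	/* … unchanged: second write_lock and insertion of new_info … */
```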