diff --git a/memory_security/README_zh.md b/memory_security/README_zh.md
index 062ded536df9026741aa538561bc015bf93c45f9..f88df97d17b82d9cd43dd22f999b2194e0701afb 100644
--- a/memory_security/README_zh.md
+++ b/memory_security/README_zh.md
@@ -10,33 +10,64 @@ memory_security模块定制化内存的安全增强能力 MEMORY_SECURITY/hideaddr模块通过检查渲染进程映射的匿名内存是否具有可执行的权限,来针对性的将映射后的内存地址的start和end值设置为NULL,以此达到隐藏内存地址的目的 -#### 1.进程类型检查 +#### 1. 进程类型检查 通过进程的selinux安全上下文来判定当前proc/[pid]/maps中的pid对应的进程是否为渲染进程 -#### 2.匿名内存区域权限检查 +#### 2. 匿名内存区域权限检查 内存区域的权限由vm_flags_t结构体的 flags成员呈现,通过检查flags是否具有-x-权限来决定是否将其所对应的地址隐藏起来。 +### MEMORT_SECURITY/jit_memory 模块 + +MEMORT_SECURITY/jit_memory模块禁止渲染进程直接申请匿名可执行内存,以及限制将已申请的内存变更为可执行的内存,渲染进程在申请匿名可执行内存前首先需要在`mmap`时携带`flag &= MAP_JIT`,然后该段内存才可以在之后通过`mprotect`变更为可执行的内存。 + +#### 1. 进程类型检查 + +通过进程的selinux安全上下文来判定当前proc/[pid]/maps中的pid对应的进程是否为渲染进程 + +#### 2. 可执行内存预申请 +进程在申请匿名可执行内存前首先需要在`mmap`时携带`flag &= MAP_JIT`,即预先声明该段内存之后会被用于存储可执行的代码段,在之后运行时才可使用`mprotect`将其更改为可执行的内存。 + ## 目录 ## MEMORY_SECURITY执行权限管控的主要代码目录结构如下: ``` # 代码路径 /kernel/linux/common_modules/memory_security -├── hideaddr.h # memory_security 头文件 -├── hideaddr.c # memory_security 管控代码 -├── Konfig -├── Makefile +│ module.c # memory_security 模块初始化 +│ apply_hideaddr.sh +│ README_zh.md +│ Kconfig +│ Makefile +│ +├─src +│ jit_memory.c # jit_memory 接口 +│ jit_process.c # jit_memory 进程相关 +│ hideaddr.c # hide_addr 挂载与实现 +│ jit_space_list.c # jit_memory 进程所拥有内存相关 +│ jit_memory_module.c # jit_memory 模块挂载 +│ +└─include + jit_memory.h + jit_memory_log.h + jit_process.h + hideaddr.h + jit_memory_module.h + jit_space_list.h + ``` ## MEMORY_SECURITY配置指导 +1. MEMORY_SECURITY使能:`CONFIG_MEMORY_SECURTIY=y` -1. MEMORY_SECURITY/HIDEADDR使能 - `CONFIG_HIDE_MEM_ADDRESS=y` + **只有在启用MEMORYSECURITY后,HIDEADDR与JIT_MEMORY才可以被正常使能。** +2. MEMORY_SECURITY禁用:`CONFIG_MEMORY_SECURTIY=n` -2. MEMORY_SECURITY/HIDEADDR禁用 - `CONFIG_HIDE_MEM_ADDRESS=n` +3. MEMORY_SECURITY/JIT_MEM_CONTROL使能: `CONFIG_JIT_MEM_CTRL=y` +4. MEMORY_SECURITY/JIT_MEM_CONTROL禁用: `CONFIG_JIT_MEM_CTRL=n` +5. MEMORY_SECURITY/HIDEADDR禁用: `CONFIG_HIDE_MEM_ADDRESS=y` +6. MEMORY_SECURITY/HIDEADDR禁用: `CONFIG_HIDE_MEM_ADDRESS=n` ## 相关仓 
diff --git a/memory_security/include/jit_memory.h b/memory_security/include/jit_memory.h
index d548795bc2110c8185e705c027b26b1b12979961..d3707550c715789f6b8c871f16b913ef4ad7c952 100644
--- a/memory_security/include/jit_memory.h
+++ b/memory_security/include/jit_memory.h
@@ -12,7 +12,7 @@
 extern void find_jit_memory(struct task_struct *task, unsigned long start, unsigned long size, int *err);
 extern void check_jit_memory(struct task_struct *task, unsigned long cookie, unsigned long prot,
- unsigned long start, unsigned long size, int *err);
+ unsigned long flag, unsigned long size, unsigned long *err);
 extern void delete_jit_memory(struct task_struct *task, unsigned long start, unsigned long size, int *err);
 extern void exit_jit_memory(struct task_struct *task);
diff --git a/memory_security/include/jit_process.h b/memory_security/include/jit_process.h
index 269bff821dd326584250856dc036c71fbf3be348..b5013c34ab706c2467177f564186444a3c4f1d05 100644
--- a/memory_security/include/jit_process.h
+++ b/memory_security/include/jit_process.h
@@ -15,6 +15,6 @@ struct result_of_find_process {
 struct result_of_find_process find_process_jit_space(struct rb_root *root, int pid);
-struct list_head *update_process_jit_space(struct rb_root *root, int pid, unsigned long cookie, int *err);
+struct list_head *update_process_jit_space(struct rb_root *root, int pid, unsigned long cookie, unsigned long *err);
 struct jit_process *delete_process_jit_space(struct rb_root *root, int pid);
 #endif // _JIT_PROCESS_H
\ No newline at end of file
diff --git a/memory_security/src/jit_memory.c b/memory_security/src/jit_memory.c
index aa60a8645ccf23091bbd4d5f790002d3df507e5d..1e72b70a2fa032fbb4c5e3a450d0ff578261b096 100644
--- a/memory_security/src/jit_memory.c
+++ b/memory_security/src/jit_memory.c
@@ -44,10 +44,11 @@ void find_jit_memory(struct task_struct *task, unsigned long start, unsigned lon
 }
 void check_jit_memory(struct task_struct *task, unsigned long cookie, unsigned long prot,
- unsigned long start, unsigned long size, int *err)
+ unsigned long flag, unsigned long size, unsigned long *err)
 {
- if (!jit_avc_has_perm(SECCLASS_JIT_MEMORY, JIT_MEMORY__EXEC_MEM_CTRL, task))
+ if (!jit_avc_has_perm(SECCLASS_JIT_MEMORY, JIT_MEMORY__EXEC_MEM_CTRL, task) || !(flag & MAP_ANONYMOUS))
 return;
+ unsigned long start = *err;
 if (prot & PROT_EXEC) {
 jit_memory_log_info("JITINFO can not apply prot_exec");
@@ -55,8 +56,11 @@ void check_jit_memory(struct task_struct *task, unsigned long cookie, unsigned l
 vm_munmap(start, size);
 return;
 }
+ if (!(flag & MAP_JIT))
+ return;
+
 struct list_head *head = update_process_jit_space(&root_tree, task->pid, cookie, err);
- if (*err) {
+ if (IS_ERR_VALUE(*err)) {
 vm_munmap(start, size);
 return;
 }
diff --git a/memory_security/src/jit_process.c b/memory_security/src/jit_process.c
index 6a1ada33d20386cc7225e7d9de6b505d8a15ba9e..be67f4d74e3d9ac1be78bdb3fd8dabe7bf18c1e1 100644
--- a/memory_security/src/jit_process.c
+++ b/memory_security/src/jit_process.c
@@ -39,7 +39,7 @@ struct result_of_find_process find_process_jit_space(struct rb_root *root, int p
 }
 struct list_head *update_process_jit_space(struct rb_root *root,
- int pid, unsigned long cookie, int *err)
+ int pid, unsigned long cookie, unsigned long *err)
 {
 struct result_of_find_process result = find_process_jit_space(root, pid);
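Review bot: `unsigned long start = *err;` turns the `err` out-parameter into the in-band carrier of the mapping's start address, which the new signature hides: a reader of `check_jit_memory(task, cookie, prot, flag, size, err)` cannot tell that `*err` must be preloaded with the mmap result, and the prototype hunk in jit_memory.h (and the matching `update_process_jit_space` change in jit_process.h/jit_process.c) is equally silent about it. If the caller, which is outside this hunk, can pass an mmap return value that is itself an error pseudo-address, both `vm_munmap(start, size)` calls would run on that value; a guard `if (IS_ERR_VALUE(*err)) return;` ahead of the assignment, or a separate `start` parameter with `err` reserved for output, closes that. The `if (IS_ERR_VALUE(*err))` test in the second hunk also presumes that `update_process_jit_space` writes `*err` on every path; if it leaves the address untouched on success the test passes only because a user address lies outside the errno range, so the contract deserves a comment on both the definition and the prototype such as `/* on entry *err holds the mmap start address; on return it is 0 or a -errno (IS_ERR_VALUE) */`. Declaring `start` after the first `if` is mixed declarations and code, which kernel trees built with -std=gnu89 reject, so it belongs at the top of the function. The body of check_jit_memory continues past the end of this hunk.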