Overlayfs always allocates a private copy for ofs->creator_creds.
So there is never going to be a task that uses ofs->creator_creds.
This means we can use an vfs debug assert to detect accidental
double credential overrides.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/overlayfs/util.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c
index dc521f53d7a3..f41b9d825a0f 100644
--- a/fs/overlayfs/util.c
+++ b/fs/overlayfs/util.c
@@ -66,6 +66,8 @@ const struct cred *ovl_override_creds(struct super_block *sb)
 {
 	struct ovl_fs *ofs = OVL_FS(sb);
 
+	/* Detect callchains where we override credentials multiple times. */
+	VFS_WARN_ON_ONCE(current->cred == ofs->creator_cred);
 	return override_creds(ofs->creator_cred);
 }
 

-- 
2.47.3