
it was introduced by this commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...

which by itself is in a 4.12 vanilla code tree


That commit is correct (4c48abe91be03d191d0c20cc755877da2cb35622), but it was not in 4.12 as cut by linus.

https://github.com/torvalds/linux/commit/4c48abe91be03d191d0... (click the little '...' to expand tags it's in) or:

    $ git tag --contains 4c48abe91be03d191d0c20cc755877da2cb35622
    v4.13

What is your methodology that gets that it is in the 4.12 tree?


you are right, i actually didn't check on git, my bad


that's correct, versions prior to 4.12 are not affected


This is 4.11:

https://elixir.free-electrons.com/linux/v4.11/source/kernel/...

The code is significantly different but I still see a lack of access_ok(), so was the checking performed somewhere else that I didn't notice (I haven't looked closely at this part of the kernel before)?


it is the use of unsafe_put_user without access_ok(), not access_ok() alone


IIUC, you only need the access_ok() when using the new unsafe_put_user(). That code is still using put_user().
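
The distinction drawn in the comments above, as an added example that is not part of the original thread and is not kernel code: a userspace model in which `put_user()` carries its own range check while `unsafe_put_user()` relies on the caller having called `access_ok()`. All `*_model` and `write_info_*` names, the array layout and the boundary value are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: slots [0,64) are "user" memory, [64,128) are "kernel". */
#define USER_LIMIT 64u
static int mem[128];

/* Models access_ok(): is [addr, addr+n) entirely inside the user range? */
static int access_ok_model(size_t addr, size_t n) {
    return n <= USER_LIMIT && addr <= USER_LIMIT - n;
}

/* Models put_user(): the range check is built in. */
static int put_user_model(int val, size_t addr) {
    if (!access_ok_model(addr, 1)) return -EFAULT;
    mem[addr] = val;
    return 0;
}

/* Models unsafe_put_user(): a raw store; the caller must have checked. */
static void unsafe_put_user_model(int val, size_t addr) { mem[addr] = val; }

/* put_user() with no explicit access_ok(): still safe. */
int write_info_put_user(size_t uaddr, int val) { return put_user_model(val, uaddr); }

/* unsafe_put_user() with no access_ok(): the store is never validated. */
int write_info_unchecked(size_t uaddr, int val) {
    unsafe_put_user_model(val, uaddr);
    return 0;
}

/* unsafe_put_user() preceded by access_ok(): the corrected pattern. */
int write_info_checked(size_t uaddr, int val) {
    if (!access_ok_model(uaddr, 1)) return -EFAULT;
    unsafe_put_user_model(val, uaddr);
    return 0;
}

int read_slot(size_t addr) { return mem[addr]; }

int main(void) {
    size_t kaddr = 100; /* constructed "kernel" slot */
    printf("put_user:  rc=%d slot=%d\n", write_info_put_user(kaddr, 7), read_slot(kaddr));
    printf("checked:   rc=%d slot=%d\n", write_info_checked(kaddr, 7), read_slot(kaddr));
    printf("unchecked: rc=%d slot=%d\n", write_info_unchecked(kaddr, 7), read_slot(kaddr));
    return 0;
}
```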

