This is 4.11:

https://elixir.free-electrons.com/linux/v4.11/source/kernel/...

The code is significantly different but I still see a lack of access_ok(), so was the checking performed somewhere else that I didn't notice (I haven't looked closely at this part of the kernel before)?

it is the use of unsafe_put_user without access_ok(), not access_ok() alone

IIUC, you only need the access_ok() when using the new unsafe_put_user(). That code is still using put_user().