We have a fun situation with read_descriptor_t - all its instances end
up passed to some actor; these actors use desc->buf as their private
data; there are 5 of them and they expect resp:

        struct lo_read_data *
        struct svc_rqst *
        struct file *
        struct rpc_xprt *
        char __user *

IOW, there is no type safety whatsoever; the field is essentially untyped,
we rely on the fact that actor is chosen by the same code that sets ->buf
and expect it to put something of the right type there.

Right now desc->buf is declared as char __user *.  Moreover, the last
argument of ->sendfile() (what should be stored in ->buf) is void __user *,
even though it's actually _never_ a userland pointer.

If nothing else, ->sendfile() should take void * instead; that alone removes
a bunch of bogus warnings.  I went further and replaced desc->buf with a
union of void * and char __user *.