By extent, should I check if the pointer to the device tree provided to the kernel is NULL?

I don't think the RISC-V specification per se specifies which addresses might be valid to access when the kernel boots. This information must be hardcoded into the kernel, or detected by probing the hardware or BIOS somehow, or provided by the device tree itself. In that last case it is impossible to sanitize the device tree address, so don't. In the other cases I don't think it's worth the effort; I would simply allow whatever happens when you access invalid memory to happen.