All of this is just patching the symptoms. The kernel should be secure against NULL pointer exploits regardless of the value of mmap_min_addr.
This is a case of security being badly compromised for the sake of performance. If the hardware doesn't support limiting supervisor access to the NULL page while allowing user accesses, and the overhead of updating the page tables when moving between user and supervisor mode is too high, then the page(s) should be permanently unmapped with user-space accesses emulated in the page-fault handler. That would allow (much slower) access to these infrequently-used pages without kernel security compromises.