I want to use monitor and mwait instructions in a userspace application. Unfortunately, they're privileged instructions only executable by ring 0.

My application has root access. How can I escalate privileges to ring 0?

I've considered a kernel module that adds them as a syscall, but that destroys the performance improvement I need them for.

Compiling a custom kernel is an option. I have no idea where in the source the switch to ring 0 might be located however, nor if it'll have any side-effects on e.g. virtual memory.

Any ideas?

It is not possible to get a ring0 from user-space with standard linux kernel. And it's preferable to write a kernel module to do thinks you want. But if you really want to have a ring0 at user-space, I'll give you a start point.

x86 processors stores Current Privilege Level in the two least significant bits of cs register.

When new thread is created, Linux kernel checks whether this thread is user thread or kernel one and stores appropriate cs value for this task. (Proof: copy_thread() in arch/x86/kernel/process_32.c).

So, you are able to get pointer to task registers with task_pt_regs() (arch/x86/include/asm/processor.h) macro and alter cs to set ring to 0 with regs->cs &= ~0x3; or something similar.

But again, I strongly recommend you, don't do it.