From 7b86e47617d81a4b14d929743425f448971e8c86 Mon Sep 17 00:00:00 2001 From: Steve Dower Date: Wed, 21 Apr 2021 23:34:29 +0100 Subject: bpo-43472: Ensure PyInterpreterState_New audit events are raised when called through _xxsubinterpreters module (GH-25506) --- Doc/library/sys.rst | 4 ++-- Misc/NEWS.d/next/Security/2021-04-21-22-53-31.bpo-43472.gjLBTb.rst | 3 +++ Modules/_xxsubinterpretersmodule.c | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2021-04-21-22-53-31.bpo-43472.gjLBTb.rst diff --git a/Doc/library/sys.rst b/Doc/library/sys.rst index 721edd1..e431d1b 100644 --- a/Doc/library/sys.rst +++ b/Doc/library/sys.rst @@ -26,12 +26,12 @@ always available. .. function:: addaudithook(hook) Append the callable *hook* to the list of active auditing hooks for the - current interpreter. + current (sub)interpreter. When an auditing event is raised through the :func:`sys.audit` function, each hook will be called in the order it was added with the event name and the tuple of arguments. Native hooks added by :c:func:`PySys_AddAuditHook` are - called first, followed by hooks added in the current interpreter. Hooks + called first, followed by hooks added in the current (sub)interpreter. Hooks can then log the event, raise an exception to abort the operation, or terminate the process entirely. diff --git a/Misc/NEWS.d/next/Security/2021-04-21-22-53-31.bpo-43472.gjLBTb.rst b/Misc/NEWS.d/next/Security/2021-04-21-22-53-31.bpo-43472.gjLBTb.rst new file mode 100644 index 0000000..e38dc16 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2021-04-21-22-53-31.bpo-43472.gjLBTb.rst @@ -0,0 +1,3 @@ +Ensures interpreter-level audit hooks receive the +``cpython.PyInterpreterState_New`` event when called through the +``_xxsubinterpreters`` module. diff --git a/Modules/_xxsubinterpretersmodule.c b/Modules/_xxsubinterpretersmodule.c index 8943ebf..b94b130 100644 --- a/Modules/_xxsubinterpretersmodule.c +++ b/Modules/_xxsubinterpretersmodule.c 
@@ -2025,7 +2025,7 @@ interp_create(PyObject *self, PyObject *args, PyObject *kwds) } // Create and initialize the new interpreter. - PyThreadState *save_tstate = PyThreadState_Swap(NULL); + PyThreadState *save_tstate = PyThreadState_Get(); // XXX Possible GILState issues? PyThreadState *tstate = _Py_NewInterpreter(isolated); PyThreadState_Swap(save_tstate); -- cgit v0.12
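Review bot: In the Doc/library/sys.rst hunk, changing "current interpreter" to "current (sub)interpreter" in both sentences still leaves the scope of a hook to be inferred from a parenthetical. Consider stating outright whether a hook added with addaudithook is called only for events raised in the interpreter that added it, and how that differs from the native hooks added by PySys_AddAuditHook that the paragraph says are called first. Anyone relying on a Python-level hook for monitoring needs that scope spelled out.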
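Review bot: In the new Misc/NEWS.d entry, "receive the ``cpython.PyInterpreterState_New`` event when called through the ``_xxsubinterpreters`` module" has no clear subject for "called": it reads as if the hooks or the event are what is called through the module. Suggest wording along the lines of "when an interpreter is created through the ``_xxsubinterpreters`` module", which also matches the interp_create function changed in this patch.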
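Review bot: In the interp_create hunk of Modules/_xxsubinterpretersmodule.c, the new line `PyThreadState *save_tstate = PyThreadState_Get();` has no comment saying that the current thread state is now deliberately left in place while `_Py_NewInterpreter(isolated)` runs, and the only nearby comment is the unchanged "XXX Possible GILState issues?". Please add a short comment tying this to the audit event named in the NEWS entry, so a later cleanup does not put `PyThreadState_Swap(NULL)` back. The diffstat lists only the documentation, the NEWS entry and this file, so nothing in the patch checks that a hook sees cpython.PyInterpreterState_New when an interpreter is created through this module; a regression test for that would be worth adding alongside the fix.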