From 0252ce35712f4a12e824fb8b40a867ec3460443e Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
 <31488909+miss-islington@users.noreply.github.com>
Date: Wed, 28 Apr 2021 09:20:40 -0700
Subject: [PATCH] bpo-43472: Ensure PyInterpreterState_New audit events are
 raised when called through _xxsubinterpreters module (GH-25506) (GH-25508)

(cherry picked from commit 7b86e47617d81a4b14d929743425f448971e8c86)

Co-authored-by: Steve Dower <steve.dower@python.org>

Co-authored-by: Steve Dower <steve.dower@python.org>
---
 Doc/library/sys.rst                                           | 4 ++--
 .../next/Security/2021-04-21-22-53-31.bpo-43472.gjLBTb.rst    | 3 +++
 Modules/_xxsubinterpretersmodule.c                            | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Security/2021-04-21-22-53-31.bpo-43472.gjLBTb.rst

diff --git a/Doc/library/sys.rst b/Doc/library/sys.rst
index cb2f254b1fb..6b23b6f0ab7 100644
--- a/Doc/library/sys.rst
+++ b/Doc/library/sys.rst
@@ -26,12 +26,12 @@ always available.
 .. function:: addaudithook(hook)
 
    Append the callable *hook* to the list of active auditing hooks for the
-   current interpreter.
+   current (sub)interpreter.
 
    When an auditing event is raised through the :func:`sys.audit` function, each
    hook will be called in the order it was added with the event name and the
    tuple of arguments. Native hooks added by :c:func:`PySys_AddAuditHook` are
-   called first, followed by hooks added in the current interpreter.  Hooks
+   called first, followed by hooks added in the current (sub)interpreter.  Hooks
    can then log the event, raise an exception to abort the operation,
    or terminate the process entirely.
 
diff --git a/Misc/NEWS.d/next/Security/2021-04-21-22-53-31.bpo-43472.gjLBTb.rst b/Misc/NEWS.d/next/Security/2021-04-21-22-53-31.bpo-43472.gjLBTb.rst
new file mode 100644
index 00000000000..e38dc169def
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2021-04-21-22-53-31.bpo-43472.gjLBTb.rst
@@ -0,0 +1,3 @@
+Ensures interpreter-level audit hooks receive the
+``cpython.PyInterpreterState_New`` event when called through the
+``_xxsubinterpreters`` module.
diff --git a/Modules/_xxsubinterpretersmodule.c b/Modules/_xxsubinterpretersmodule.c
index de11c090870..314059d1082 100644
--- a/Modules/_xxsubinterpretersmodule.c
+++ b/Modules/_xxsubinterpretersmodule.c
@@ -2010,7 +2010,7 @@ interp_create(PyObject *self, PyObject *args, PyObject *kwds)
     }
 
     // Create and initialize the new interpreter.
-    PyThreadState *save_tstate = PyThreadState_Swap(NULL);
+    PyThreadState *save_tstate = PyThreadState_Get();
     // XXX Possible GILState issues?
     PyThreadState *tstate = _Py_NewInterpreter(isolated);
     PyThreadState_Swap(save_tstate);