RHEL 9.3 structure offset fix (#1442)

Bumps falco commit and module version

kernel-modules/MODULE_VERSION

@@ -1 +1 @@
-2.8.0
+2.8.1

kernel-modules/probe/Makefile

@@ -1,6 +1,6 @@
 # This file is largely duplicated from the Falco version, adjusted slightly for our specific
 # source file and includes.
-# See here for the original: 
+# See here for the original:
 #   https://github.com/falcosecurity/libs/blob/2c8335ae64f1e775def9f9f7c97e5340319c85f0/driver/bpf/Makefile
 
 always-y += probe.o
@@ -22,7 +22,7 @@ endif
 #
 # https://chromium.googlesource.com/chromiumos/third_party/kernel/+/096925a44076ba5c52faa84d255a847130ff341e%5E%21/#F2
 # This commit diverged the ChromiumOS kernel from stock in the area of audit information, which this probe accesses.
-# 
+#
 # This enables the workaround for this divergence.
 #
 NEEDS_COS_73_WORKAROUND = $(shell expr `grep -sc "^\s*struct\s\+audit_task_info\s\+\*audit;\s*$$" $(KERNELDIR)/include/linux/sched.h` = 1)
@@ -44,7 +44,7 @@ clean:
 	$(MAKE) -C $(KERNELDIR) M=$$PWD clean
 	@rm -f *~
 
-$(obj)/probe.o: $(src)/collector_probe.c
+$(obj)/probe.o: $(src)/collector_probe.c $(FALCO_DIR)/*.h
 	$(CLANG) $(LINUXINCLUDE) \
 		$(KBUILD_CPPFLAGS) \
 		$(KBUILD_EXTRA_CPPFLAGS) \

kernel-modules/probe/collector_probe.c

@@ -301,6 +301,8 @@ static __always_inline int exit_probe(long id, struct sys_exit_args* ctx) {
   int drop_flags = UF_ALWAYS_DROP;
   long mapped_id = id;
 
+  struct sys_exit_args stack_ctx = {.id = id, .ret = _READ(ctx->ret)};
+
   if (bpf_in_ia32_syscall()) {
     return 0;
   }
@@ -327,7 +329,7 @@ static __always_inline int exit_probe(long id, struct sys_exit_args* ctx) {
 
   // the fillers contain syscall specific processing logic, so we simply
   // call into those and let the rest of falco deal with the event.
-  call_filler(ctx, ctx, evt_type, drop_flags);
+  call_filler(ctx, &stack_ctx, evt_type, drop_flags);
   return 0;
 }