init: close all sessions of exited children

With this patch, init responds to the exit of a child by closing all
sessions of the child. E.g., if a child is a GUI application, its
nitpicker session is closed at the time of exit, not at the time when
the start node disappears from init's configuration.

Since this change requires a modification of the 'Genode::Child' class,
it takes the chance to make the child-destruction less brutal. The
new version ensures that all threads of the destructed subsystem are
destructed before other sessions, in particular PD sessions. This
eliminates spurious page-fault warnings during the child destruction.

On Fiasco.OC, closing the CPU session of a thread while being called by
the thread causes a deadlock. Hence, we skip the eager destruction of
CPU sessions on this kernel.

Related to issue #2659

repos/base-foc/src/include/base/internal/child_policy.h

@@ -0,0 +1,30 @@
+/*
+ * \brief  Hook for kernel-specific child-handling policy
+ * \author Norman Feske
+ * \date   2018-01-30
+ */
+
+/*
+ * Copyright (C) 2018 Genode Labs GmbH
+ *
+ * This file is part of the Genode OS framework, which is distributed
+ * under the terms of the GNU Affero General Public License version 3.
+ */
+
+#ifndef _INCLUDE__BASE__INTERNAL__CHILD_POLICY_H_
+#define _INCLUDE__BASE__INTERNAL__CHILD_POLICY_H_
+
+namespace Genode {
+
+	/*
+	 * On Fiasco.OC, we cannot eagerly destroy the CPU session of a child
+	 * as a direct response of a 'Parent::exit' RPC call. The parent gets
+	 * stuck at the CPU-session destruction, which is unexpected. By setting
+	 * the constant below to 'false', we work around the problem.
+	 *
+	 * See https://github.com/genodelabs/genode/issues/2659
+	 */
+	constexpr bool KERNEL_SUPPORTS_EAGER_CHILD_DESTRUCTION = false;
+}
+
+#endif /* _INCLUDE__BASE__INTERNAL__CHILD_POLICY_H_ */