了解Oracle critical patch update

4,557 views

Published on

Oracle Patch

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
4,557
On SlideShare
0
From Embeds
0
Number of Embeds
2,535
Actions
Shares
0
Downloads
39
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

了解Oracle critical patch update

  1. 1. 了解 Oracle Critical Patch Update by Maclean.liu liu.maclean@gmail.com www.oracledatabase12g.com
  2. 2. About Mel Email:liu.maclean@gmail.coml Blog:www.oracledatabase12g.coml Oracle Certified Database Administrator Master 10gand 11gl Over 6 years experience with Oracle DBA technologyl Over 7 years experience with Linux technologyl Member Independent Oracle Users Groupl Member All China Users Groupl Presents for advanced Oracle topics: RAC,DataGuard, Performance Tuning and Oracle Internal.
  3. 3. Oracle Critical Patch Update 是什么?Critical Patch Update(以下简称 CPU),是 Oracle 在 2005 年开始引入的产品安全更新策略。一般来说 CPU 包含了 Oracle 产品安全漏洞的修复补丁集 (set of security bug fix)。CPU 最早的雏形出现在 2005 年,该项目致力于为客户周期性地提供累积性的补丁以修复安全漏洞。通常 CPU 补丁会在每季度开始第一个月的 15 号发布,按照发布日期的不同可以划分为: • January : CPU JAN • April : CPU APR • July : CPU JUL • October : CPU OCT存在以下 3 种类型的 CPU 补丁: • Normal CPU:在 10.2.0.2 之前所有的 CPU 均是 Normal CPU • Molecular CPU:Molecular 解释为分子,从 10.2.0.3 开始以后版本的 CPU patches 均以 Molecular 格式发布,之后我们会介绍 Normal/Molecular 格式的区别 • CPU Bundle Patch:由于在 Windows 平台无法利用替换共享库文件后 relink 的方式来 更新 Oracle binary,所以 Oracle 特别针对 Windows 发布区别于 Unix 上 Normal/Molecular CPU 的 CPU Bundle patch(也因此 Bundle Patch 会别较大)。Windows bundle patches 通常每一个季度都会发布接下来我们通过 2 个实例来了解 Normal CPU 与 Molecular CPU 之间的区别。Linux x86 平台上的 CPUJAN2009 for 9.2.0.8 的 bug#补丁号为 7592365。我们可以通过该补丁号从 My OracleSupport 上下载到压缩为 zip 的补丁包,试着将该压缩包解压后我们会发现该 CPU 补丁包的目录结构类似于一个 one-off patch(一次性补丁):$cd 7592365$ls/etc /files readme
  4. 4. 之前已经介绍过了从 10.2.0.3 开始以后版本的 CPU patches 均以 Molecular 格式发布。我们选取 Linux x86 平台上的 CPUAPR2009 for 10.2.0.4 为 Molecular CPU 的示例,下载并解压该CPU 后会发现补丁包目录下有不少以 Patch number 为名的子目录,这就是 Molecular-分子式的寓意所在,其实你也可以简单地理解为是对散装的安全补丁打了包:$cd 8290506$ls7155248 7155251 7155254 7375613 7609058 8309592 8309637 cpu_root.sh7155249 7155252 7197583 7375617 8290506 8309623 8309639 patchmd.xml7155250 7155253 7375611 7609057 8309587 8309632 8309642 README.html以上每一个数字代表一个 molecules,称作分子补丁注意!一个 molecules 可能包含有多个小的 fix!!Normal CPU 与 Molecular CPU 间的差异还表现在所包含的补丁类型上。Normal CPU 也被叫做 Classic CPU 即传统 CPU,不同于 molecular CPU,Normal CPU 不仅包含安全漏洞修复,针对于特定的产品、产品版本及平台还可能包含了非安全的补丁。而 Molecular CPU(在 MOS 上有时也被叫做 New format CPU)从 10.2.0.3 开始改变了既往Normal CPU 的习惯,Molecular CPU 仅仅包含安全漏洞补丁(security bug fixes),这是目前CPU 与另一种补丁更新策略 Patch Set Update(PSU)间的主要区别之一(PSU 在格式上类似于Normal CPU),CPU 专门负责修复安全漏洞,而 PSU 往往会包含 CPU(INCLUDES CPU)。第一个以 Molecular 形式发布的是 CPU 是 CPUJUL2007(DB-10.2.0.3-MOLECULE-013-CPUAPR2007):此外根据 Oracle Product lifetime 的介绍 CPU 的发布遵循几个原则: 1. CPU 仅为最新的 patchset 补丁集发布
  5. 5. 2. 对于之前的 patchset 补丁集存在一个宽限期,在此宽限期内仍会针对老的 patchset 发 布 CPU,关于这个宽限期(grace period)在 MOS 文档<Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy [ID 209768.1]>中有详细描述,实际上 如 Fusion Middleware、Application 等 Oracle 产品的维护保障期也受到该宽限期的影 响,以下摘录 Database 部分的附录:Grace Period: up to 1 year, minimum 3 months.You have up to one year from the release of a patch set on the first platform(currently Linux x86) to plan forand install the new patch set. During that year we will create new bug fixes forthe previous patch set.This grace period is effective with the release of 10.2.0.4.For example, 10.2.0.4 was released first on Linux x86. The release date was 22February 2008.Until 22 February 2009 we will create new fixes for both 10.2.0.3 and 10.2.0.4.After that date new fixes for 10.2.0.3 will cease on all platforms and we willonly create new fixes for 10.2.0.4.Grace period for current patch sets can be found on Metalink in Note 742060.1Exceptions:3 Month minimum grace period: Since the release of a patch set on differentplatforms happens over time,not all platforms will be supported for error correction for the full year.Because of this,we will always support the previous patch set for error correction for at least3 months.For example, if the initial release of patchset A.x.y.z is on January 1st onLinux x86 and the same patch setis released on Univac on November1, Oracle will still provide new patches onUnivac A.x.y.z-1 untilthe end of January of the next year. Outside of the specific exceptions listedbelow,CPUs will NOT be provided beyond the initial 12-month grace period.Bundle patches for Windows: Oracle releases patches for Windows via periodicpatch bundles instead ofinterim patches. Patch bundles are released periodically (at least quarterly),and include the security fixesfrom that quarter’s Critical Patch Update.举例来说 10R2 上的 CPUJAN2009 发布时有 10.2.0.3 和 10.2.0.4 这 2 个版本的,因为当时10.2.0.3 还在宽限期内;而到 了 CPUAPR2009 也就是三个月后,10.2.0.3 的宽限期也超过了,所以 10GR2 上的 CPUAPR2009 只有 10.2.0.4 一个版本的了。在 Unix 平台上 10.2.0.3 之前(包含 9iR2,10gR1,10.2.0.2),因为当时是以 Normal 格式发布的CPU,用户 apply CPU 时要么不打,要打就必须打上整个 CPU,这导致出现补丁冲突(conflict patch)的概率大大提高了。依照当时的 support 流程,在 Oracle 发布 CPU 的 4 周内用户若发现 CPU 与现有 patch 间存在冲突,那么可以 提交 Service Request 让 Oracle 开发部门去
  6. 6. 开发出一个超集合并(superset merge)的 CPU 版本,若用户在超过 4 周后才提交 SR 那么会被告知等下一次 CPU 的发布,Oracle 在接到开发合并版本 CPU 的要求后会在以后的 2 周内(也就是 CPU 发布的第六周)发布用户需要的 merged cpu。CPUJAN2009 发布于 2009 年 1 月 15日,假设我是一家对数据库安全性要求极其严格的公司,我希望实施该 CPUJAN2009 以提高自身 数据库的安全,那么如果我在 1 月 15 日即发现 CPUJAN2009 与现有补丁存在冲突并通过 MOS 向 oracle 报告了该冲突问题,那么 Oracle 理论 上会在 2009 年的 2 月 28 日向我提供相应的超集合并补丁;若我在 2 月 15 日才刚刚发现冲突的存在,那么我将不得不等待下一次 CPU 的发布,在这个假设中 是 4 月 15 日,也就是 2 个月之后。实施 Normal CPU 的原子性要求给用户和 Oracle Support 都带来了不小的工作量,为了缓解这种矛盾,Molecular CPU 应运而生。从 10.2.0.3 开始发布的 Molecular CPU 在 apply 时没有如 Normal CPU 那样强的原子性要求,即我们可以安装 Molecular CPU 中所包含的一部分安全补丁,而跳过一些存在冲突的安全补丁。此外因为 Molecular CPU 的特有格式,patch conflict 补丁冲突仅可能发生在某个特定的分子补丁(molecule)上,而不会整个补丁包都存在冲突。针对这部分存在冲突的分子补丁(一般来说 就是普通的 one-off patch),用户可以随时向 Oracle 支持部分提出合并 patch 的请求,这打破了 Normal CPU 所造成的不便。如上文所述 Molecular CPU 仅针对最新的补丁集(patchset)或仍处在宽限期(grace period)的补丁集发布。
  7. 7. 从理论上讲在实施新的 Molecular CPU 时,一般不会出现如 Normal CPU 那样 opatch 报整个补丁都存在冲突的现象,取而代之冲突会存在于个别 molecule 分子补丁上。在此情形下用户可以跳过存在冲突的 molecule,以便安装剩余的无冲突的安全补丁,并申请对已安装的 one-off patch 和存在冲突的 molecule 实施合并。one-off patch merge 是 Oracle Support 日常的客户服务项目,所以不用担心得不到 merge patch,当然这仍是在最新补丁集或宽限期的前提下,举例来说如果现在我们去申请 10.2.0.3 上的 patch merge 则很可能被 Oracle Support 以要求升级为由来拒绝。此外我们需要铭记 CPU 补丁总是累加(cumulative)的,这一点同 PSU(Patch Set Update)恰恰不同!新的 PSU 补丁可能未包含之前发布的 PSU 补丁内容,而 CPU 补丁总是包含所有之前的CPU 内容。举例来说 10.2.0.4.5 即 10204 上的 PSU5 就没有包含 10.2.0.4.4(PSU4)中的所有fix,这要求我们在安装 PSU5 时以 PSU4 为基础(Patch Set Update PSU 10.2.0.4.5 is an overlayPSU whose base PSU is 10.2.0.4.4. This patch can only be applied in an Oracle home for whichPSU 10.2.0.4.4 has already been installed);而 10.2.0.4 上的 CPUAPR2011 就会包含CPUJAN2011 及之前的所有补丁内容。因为传统 CPU 与 Molecular CPU 在格式上的差异,所以它们在 apply 时的步骤亦不相同。Normal CPU 会在 apply 之前将所有旧的 CPU 全都回滚掉,以保持自身能被打上。而Molecular CPU 则不那么简单粗暴,它只需要 apply 其所包含的新的 molecules 分子补丁即可,即如果之前有安装过老的 CPU,那么老的 cpu 补丁是不动 的。
  8. 8. 同时 CPU 补丁的内容还会被包含在今后发布的 Patch Set 或 Patch Set Update(PSU)中(CPUmolecules in PSU),注意针对如 9.2.0.8 这样的最终补丁集,Oracle 将不再发布新的 Patchset或 PSU;10.2.0.5 作为 10g 的最终版本今后 将不会再有 Patchset 发布,但包含了 CPU 的 PSU仍会被发布。很多朋友都会要问 CPU 补丁是否是必须要安装的?实际上并没有一个强制要求安装 CPU 的理由,Oracle 仅仅是强烈推荐实施这些补丁以降低潜在的安全风险并降低受到骇客入侵成功的概率。安装 CPU 与安装普通的 one-off patch 或 PSU 没有太大的区别,同样要使用著名的 opatch 工具。Normal CPU 具有强的原子性要求,所以我们不可能去不完整(partial)的安装一个 NormalCPU。而对于 10.2.0.3 后出现的 Molecular CPU 则没有这种限制,Molecular CPU 总是由一定数量的 molecules 分子补丁组成,注意实际上每一个 molecules 还可能包含了一个或多个的小的 Fix。虽然我们在没有补丁冲 突的情况下,也可以选择仅安装 CPU 中的一个子集的molecules,但 Oracle 强烈推荐尽可能安装整个 CPU。我们在安装 Normal CPU 时使用和安装 one-off patch 同样简单的”opatch apply”命令。在安装Molecular CPU 时的命令要负责一些,在不同需求下可能分为:1.安装 CPU 中所有的 molecules$./opatch napply <patch_location> -skip_subset -skip_duplicate-skip_subset 意为跳过那些已安装补丁的子集(subset patches--patches under that aresubsets of patchesinstalled in the ORACLE_HOME)
  9. 9. -skip_duplicate,跳过已安装过的 molecule(provides the additional benefit ofdetecting when a moleculepatch has already been applied, as in the case of a previous CPU, and to skipapplication of it.This reduces the length of time required to do the n-apply CPU installation andminimizesthe overall change to the Oracle home)2.安装 CPU 中的部分 molecules$ ./opatch napply 8290506 -id 7155248,7155249,7155250 -skip_subset-skip_duplicate以上意为 apply patch 7155248,7155249,7155250Invoking OPatch 11.2.0.1.3Oracle Interim Patch Installer version 11.2.0.1.3Copyright (c) 2010, Oracle Corporation. All rights reserved.UTIL sessionOracle Home : /s01/db_1Central Inventory : /s01/oraInventory from : /etc/oraInst.locOPatch version : 11.2.0.1.3OUI version : 10.2.0.4.0OUI location : /s01/db_1/ouiLog file location : /s01/db_1/cfgtoollogs/opatch/opatch2011-06-02_22-37-02PM.logPatch history file: /s01/db_1/cfgtoollogs/opatch/opatch_history.txtInvoking utility "napply"Checking conflict among patches...Checking if Oracle Home has components required by patches...Checking skip_duplicateChecking skip_subsetChecking conflicts against Oracle Home...OPatch continues with these patches: 7155250 7155249 7155248Do you want to proceed? [y|n]yUser Responded with: YRunning prerequisite checks...OPatch detected non-cluster Oracle Home from the inventory and will patch thelocal system only.Please shutdown Oracle instances running out of this ORACLE_HOME on the localsystem.(Oracle Home = /s01/db_1)Is the local system ready for patching? [y|n]yUser Responded with: YBacking up files affected by the patch NApply for restore. This might take awhile...Applying patch 7155250...ApplySession applying interim patch 7155250 to OH /s01/db_1Backing up files affected by the patch 7155250 for rollback. This might take awhile...
  10. 10. Patching component oracle.rdbms, 10.2.0.4.0...Updating archive file "/s01/db_1/lib/libserver10.a" with"lib/libserver10.a/kupp.o"Copying file to "/s01/db_1/rdbms/admin/prvtbpp.plb"ApplySession adding interim patch 7155250 to inventoryVerifying the update...Inventory check OK: Patch ID 7155250 is registered in Oracle Home inventory withproper meta-data.Files check OK: Files from Patch ID 7155250 are present in Oracle Home.Applying patch 7155249...ApplySession applying interim patch 7155249 to OH /s01/db_1Backing up files affected by the patch 7155249 for rollback. This might take awhile...Patching component oracle.rdbms, 10.2.0.4.0...Copying file to "/s01/db_1/rdbms/admin/prvtdefr.plb"ApplySession adding interim patch 7155249 to inventoryVerifying the update...Inventory check OK: Patch ID 7155249 is registered in Oracle Home inventory withproper meta-data.Files check OK: Files from Patch ID 7155249 are present in Oracle Home.Applying patch 7155248...ApplySession applying interim patch 7155248 to OH /s01/db_1Backing up files affected by the patch 7155248 for rollback. This might take awhile...Patching component oracle.rdbms, 10.2.0.4.0...Copying file to "/s01/db_1/rdbms/lib/env_rdbms.mk"ApplySession adding interim patch 7155248 to inventoryVerifying the update...Inventory check OK: Patch ID 7155248 is registered in Oracle Home inventory withproper meta-data.Files check OK: Files from Patch ID 7155248 are present in Oracle Home.Running make for target ioracleRunning make for target iextjobRunning make for target iextjoboThe local system has been patched and can be restarted.UtilSession: N-Apply done.OPatch succeeded.另外我们可以使用 opatch lsinventory -bugs_fixed 命令列出已安装的 CPU/PSU$ ./opatch lsinventory -bugs_fixedList of Bugs fixed by Installed Patches:Bug Fixed by Installed at Description Patch--- -------- ------------ -----------8309642 8309642 Thu Jun 02 22:54:51 CST 2011 DB-10.2.0.4-MOLECULE-018-CPUAPR20098309639 8309639 Thu Jun 02 22:54:48 CST 2011 DB-10.2.0.4-MOLECULE-019-CPUAPR20098309637 8309637 Thu Jun 02 22:54:45 CST 2011 DB-10.2.0.4-MOLECULE-020-CPUAPR20098309632 8309632 Thu Jun 02 22:54:42 CST 2011 DB-10.2.0.4-MOLECULE-017-CPUAPR2009
  11. 11. 8309623 8309623 Thu Jun 02 22:54:39 CST 2011 DB-10.2.0.4-MOLECULE-016-CPUAPR20098309592 8309592 Thu Jun 02 22:54:35 CST 2011 DB-10.2.0.4-MOLECULE-015-CPUAPR20098309587 8309587 Thu Jun 02 22:54:30 CST 2011 DB-10.2.0.4-MOLECULE-014-CPUAPR20097150470 8290506 Thu Jun 02 22:54:26 CST 2011 MLR BUG FOR 10.2.0.4 FORCPUJUL20087375644 8290506 Thu Jun 02 22:54:26 CST 2011 MLR BUG FOR 10.2.0.4 FORCPUOCT20087592346 8290506 Thu Jun 02 22:54:26 CST 2011 CPUJAN2009 DATABASE 10.2.0.48290506 8290506 Thu Jun 02 22:54:26 CST 2011 CPUAPR2009 DATABASE 10.2.0.47609058 7609058 Thu Jun 02 22:54:21 CST 2011 DB-10.2.0.4-MOLECULE-013-CPUJAN20097609057 7609057 Thu Jun 02 22:54:17 CST 2011 DB-10.2.0.4-MOLECULE-012-CPUJAN20097375617 7375617 Thu Jun 02 22:54:14 CST 2011 DB-10.2.0.4-MOLECULE-0011-CPUOCT20087375613 7375613 Thu Jun 02 22:54:11 CST 2011 DB-10.2.0.4-MOLECULE-0010-CPUOCT20087375611 7375611 Thu Jun 02 22:54:07 CST 2011 DB-10.2.0.4-MOLECULE-009-CPUOCT20087197583 7197583 Thu Jun 02 22:54:03 CST 2011 DB-10.2.0.4-MOLECULE-008-CPUJUL20087155254 7155254 Thu Jun 02 22:54:00 CST 2011 DB-10.2.0.4-MOLECULE-007-CPUJUL20087155253 7155253 Thu Jun 02 22:53:35 CST 2011 DB-10.2.0.4-MOLECULE-006-CPUJUL20087155252 7155252 Thu Jun 02 22:53:13 CST 2011 DB-10.2.0.4-MOLECULE-005-CPUJUL20087155251 7155251 Thu Jun 02 22:53:07 CST 2011 DB-10.2.0.4-MOLECULE-004-CPUJUL20087155250 7155250 Thu Jun 02 22:53:02 CST 2011 DB-10.2.0.4-MOLECULE-003-CPUJUL20087155249 7155249 Thu Jun 02 22:52:58 CST 2011 DB-10.2.0.4-MOLECULE-002-CPUJUL20087155248 7155248 Thu Jun 02 22:52:54 CST 2011 DB-10.2.0.4-MOLECULE-001-CPUJUL20083.回滚 CPU 中的部分 molecules$ ./opatch nrollback -id 7155248,7155249,7155250This will roll back patches 7155248,7155249,7155250 that have been installedunder the ORACLE_HOME.If a patch is not installed, it does not have any impact and roll back skips thepatch.Invoking OPatch 11.2.0.1.3Oracle Interim Patch Installer version 11.2.0.1.3Copyright (c) 2010, Oracle Corporation. All rights reserved.UTIL sessionOracle Home : /s01/db_1Central Inventory : /s01/oraInventory from : /etc/oraInst.locOPatch version : 11.2.0.1.3OUI version : 10.2.0.4.0OUI location : /s01/db_1/ouiLog file location : /s01/db_1/cfgtoollogs/opatch/opatch2011-06-02_22-41-49PM.logPatch history file: /s01/db_1/cfgtoollogs/opatch/opatch_history.txtInvoking utility "nrollback"Patches will be rolled back in the following order:
  12. 12. 7155248 7155249 7155250Running prerequisite checks...The following patch(es) will be rolled back: 7155248 7155249 7155250OPatch detected non-cluster Oracle Home from the inventory and will patch thelocal system only.Please shutdown Oracle instances running out of this ORACLE_HOME on the localsystem.(Oracle Home = /s01/db_1)Is the local system ready for patching? [y|n]yUser Responded with: YBacking up files affected by the patch NRollback for restore. This might takea while...Rolling back patch 7155248...RollbackSession rolling back interim patch 7155248 from OH /s01/db_1Patching component oracle.rdbms, 10.2.0.4.0...Copying file to "/s01/db_1/rdbms/lib/env_rdbms.mk"RollbackSession removing interim patch 7155248 from inventoryRolling back patch 7155249...RollbackSession rolling back interim patch 7155249 from OH /s01/db_1Patching component oracle.rdbms, 10.2.0.4.0...Copying file to "/s01/db_1/rdbms/admin/prvtdefr.plb"RollbackSession removing interim patch 7155249 from inventoryRolling back patch 7155250...RollbackSession rolling back interim patch 7155250 from OH /s01/db_1Patching component oracle.rdbms, 10.2.0.4.0...Updating archive file "/s01/db_1/lib/libserver10.a" with"lib/libserver10.a/kupp.o"Copying file to "/s01/db_1/rdbms/admin/prvtbpp.plb"RollbackSession removing interim patch 7155250 from inventoryRunning make for target iextjobRunning make for target iextjoboRunning make for target ioracleThe local system has been patched and can be restarted.UtilSession: N-Rollback done.OPatch succeeded.安装 CPU 补丁除去以上列出的命令外还可以参考 MOS 文档<OPatch Utility Guide – 10.2 [ID554417.1]>和<Critical Patch Update – Introduction to Database n-Apply CPUs [ID 438314.1]>。完成以上 opatch 操作后针对既有的数据库(已经创建在使用的数据库)还需要在数据库级别运行数据字典升级脚本:SQL> select * from global_name;GLOBAL_NAME--------------------------------------------------------------------------------www.oracledatabase12g.com1.针对传统的 Normal CPU 运行@?/rdbms/admin/catcpu.sql2.针对 Molecular CPU 补丁需要运行sqlplus /nologSQL> CONNECT / AS SYSDBA
  13. 13. @?/rdbms/admin/catbundle cpu applycd $ORACLE_HOME/cpu/view_recompilesqlplus /nologSQL> CONNECT / AS SYSDBASQL> @recompile_precheck_jan2008cpu.sqlSQL> QUITcd $ORACLE_HOME/cpu/view_recompilesqlplus /nologSQL> CONNECT / AS SYSDBASQL> SHUTDOWN IMMEDIATESQL> STARTUP UPGRADESQL> @view_recompile_jan2008cpu.sqlSQL> SHUTDOWN;SQL> STARTUP;SQL> @?/rdbms/admin/utlrpSQL> QUIT以上字典升级工作的步骤可以从补丁包自带的 README.HTML 网页中找到,另外你可以参考 MOS 文档<Introduction To Oracle Database catbundle.sql [ID 605795.1]>。虽然 Oracle 宣称其发布的每一个 CPU 都经过广泛和长时间的测试,但实际 Oracle 不可能具体到每一个用户的环境中去做测试,所以贸然实施 CPU 还是可能有一定风险的。Oracle 推荐用户在将 CPU 安装到生产系统之前,首先在自己客制化的环境中充分测试安装 CPU 所可能带来的影响。我们可以从 Critical Patch Update Advisory 上找到 Oracle 产品相关的安全风险信息,作为是否实施 CPU 补丁的依据之一。此外随 CPU 附带的文档将是用户所能找到最为详细的同时也是最有用的安全信息来源。Reference:Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy [ID
  14. 14. 209768.1]<OPatch Utility Guide – 10.2 [ID 554417.1]><Critical Patch Update – Introduction to Database n-Apply CPUs [ID 438314.1]><Introduction To Oracle Database catbundle.sql [ID 605795.1]>。http://www.oracle.com/technetwork/topics/security/whatsnew/index.htmlPS:如果对 PSU 有兴趣,可以读一读 Kamusis 的 Notes for Oracle Database PSU/CPU

×