docs: Highlight the current broken state of SEV

This won't be resolved in time for Train GA, so add a release note
highlighting the problem until such a time as the release is fixed.

Change-Id: Iae30e12084640d1c0f072d2db18653111988929e
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Related-Bug: #1845986
Stable-Only

doc/source/admin/configuration/hypervisor-kvm.rst

@@ -684,6 +684,16 @@ explained above.
 Impermanent limitations
 -----------------------
 
+The following image metadata options are incompatible with the feature due to
+`bug #1845986 <https://bugs.launchpad.net/nova/+bug/1845986>`__.
+
+- ``hw_scsi_model=virtio-scsi`` and either ``hw_disk_bus=scsi`` or
+  ``hw_cdrom_bus=scsi``
+- ``hw_video_model=virtio``
+- ``hw_qemu_guest_agent=yes``
+
+This limitation will be resolved in the future.
+
 The following limitations may be removed in the future as the
 hardware, firmware, and various layers of software receive new
 features:

releasenotes/notes/bug-1845986-95cbede0a296b088.yaml

@@ -0,0 +1,21 @@
+---
+issues:
+  - |
+    The support for guest RAM encryption using AMD SEV (Secure Encrypted
+    Virtualization) added in Train is incompatible with a number of image
+    metadata options:
+
+    - ``hw_scsi_model=virtio-scsi`` and either ``hw_disk_bus=scsi`` or
+      ``hw_cdrom_bus=scsi``
+    - ``hw_video_model=virtio``
+    - ``hw_qemu_guest_agent=yes``
+
+    When used together, the guest kernel can malfunction with repeated warnings
+    like::
+
+        NMI watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [system-udevd:272]
+
+    This will be resolved in a future patch release. For more information,
+    refer to `bug 1845986`__
+
+    __ https://bugs.launchpad.net/nova/+bug/1845986