diff --git a/SOURCES/kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch b/SOURCES/kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch
new file mode 100644
index 0000000..75a1165
--- /dev/null
+++ b/SOURCES/kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch
@@ -0,0 +1,114 @@
+From 8cafea931977e494797584610664279ea21ef427 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Fri, 21 Dec 2018 00:31:11 +0100
+Subject: [PATCH] i386: Deprecate arch-facilities and make it block live
+ migration
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20181221003111.32374-1-ehabkost@redhat.com>
+Patchwork-id: 83733
+O-Subject: [RHEL-7.7 qemu-kvm PATCH] i386: Deprecate arch-facilities and make it block live migration
+Bugzilla: 1664792
+RH-Acked-by: Bandan Das <bsd@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Jiri Denemark <jdenemar@redhat.com>
+
+The arch-facilities feature flag is being deprecated because it
+was never supported upstream.  The upstream property is
+called "arch-capabilities", but it was not backported to
+RHEL7/qemu-kvm.
+
+Note that arch-capabilities is not required for mitigation of
+CVE-2017-5715.
+
+In addition to being deprecated, arch-facilities will now block
+live migration because the value of MSR_IA32_ARCH_CAPABILITIES is
+host-dependent and not migration-safe.
+
+Note that the "arch-facilities" option didn't work in RHEL-7.5.
+It only started working (by accident) on RHEL-7.6, after the KVM
+kernel module code was updated to report the feature flag on
+GET_SUPPORTED_CPUID.
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 35 +++++++++++++++++++++++++++++++++++
+ target-i386/cpu.h |  1 +
+ 2 files changed, 36 insertions(+)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index 4b3a238e8d..a36483eca9 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -34,6 +34,7 @@
+ #include "qapi-visit.h"
+ #include "qapi/visitor.h"
+ #include "sysemu/arch_init.h"
++#include "migration/migration.h"
+ 
+ #include "hw/hw.h"
+ #if defined(CONFIG_KVM)
+@@ -1742,6 +1743,14 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
+                                          wi->cpuid_reg);
+     }
+ 
++    /*
++     * Features that won't be enabled automatically by "-cpu host" even if
++     * reported by GET_SUPPORTED_CPUID:
++     */
++
++    /* arch-facilities: deprecated (see comment on x86_cpu_realizefn()) */
++    x86_cpu_def->features[FEAT_7_0_EDX] &= ~CPUID_7_0_EDX_ARCH_CAPABILITIES;
++
+ #endif /* CONFIG_KVM */
+ }
+ 
+@@ -3089,6 +3098,32 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
+ #endif
+     }
+ 
++    /*
++     * RHEL-only:
++     *
++     * The arch-facilities feature flag is deprecated because it was never
++     * supported upstream.  The upstream property is "arch-capabilities",
++     * but it was not backported to this QEMU version.  Note that
++     * arch-capabilities is not required for mitigation of CVE-2017-5715.
++     *
++     * In addition to being deprecated, arch-facilities blocks live migration
++     * because the value of MSR_IA32_ARCH_CAPABILITIES is host-dependent and
++     * not migration-safe.
++     */
++    if (cpu->env.features[FEAT_7_0_EDX] & CPUID_7_0_EDX_ARCH_CAPABILITIES) {
++        static bool warned = false;
++        static Error *arch_facilities_blocker;
++        if (!warned) {
++            error_setg(&arch_facilities_blocker,
++                       "The arch-facilities CPU feature is deprecated and "
++                       "does not support live migration");
++            migrate_add_blocker(arch_facilities_blocker);
++            error_report("WARNING: the arch-facilities CPU feature is "
++                         "deprecated and does not support live migration");
++            warned = true;
++        }
++    }
++
+ #ifndef CONFIG_USER_ONLY
+     qemu_register_reset(x86_cpu_machine_reset_cb, cpu);
+ 
+diff --git a/target-i386/cpu.h b/target-i386/cpu.h
+index debb0e5bf4..73437f16c5 100644
+--- a/target-i386/cpu.h
++++ b/target-i386/cpu.h
+@@ -597,6 +597,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+ #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */
+ #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */
+ #define CPUID_7_0_EDX_SPEC_CTRL     (1U << 26) /* Indirect Branch - Restrict Speculation */
++#define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29)  /*Arch Capabilities*/
+ #define CPUID_7_0_EDX_SPEC_CTRL_SSBD  (1U << 31) /* Speculative Store Bypass Disable */
+ 
+ #define CPUID_8000_0008_EBX_IBPB    (1U << 12) /* Indirect Branch Prediction Barrier */
+-- 
+2.19.1
+
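Review bot: The comment added in x86_cpu_realizefn() says the MSR_IA32_ARCH_CAPABILITIES value is host-dependent, but not why that matters: a guest reads this MSR to decide which speculative-execution mitigations it may skip, so a value taken from one host can leave mitigations off on a host that needs them. I would add that to the comment, for example `* A guest uses this MSR to decide which mitigations to skip, so a value from another host is a security problem, not only a compatibility one.` The blocker lives in a function-local static, is registered once and is never removed. It covers only what migrate_add_blocker() covers, so it is worth confirming whether the snapshot save/restore paths (savevm-style) consult the same blocker list in this QEMU version. Nothing in the hunk rejects an incoming migration when the flag is set on the destination, so a guest started on an unpatched source can presumably still arrive carrying the old value. x86_cpu_realizefn() starts and ends outside the hunk, so the ordering relative to feature filtering cannot be checked from here.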
diff --git a/SPECS/qemu-kvm.spec b/SPECS/qemu-kvm.spec
index 007479a..652e4b1 100644
--- a/SPECS/qemu-kvm.spec
+++ b/SPECS/qemu-kvm.spec
@@ -76,7 +76,7 @@ Obsoletes: %1 < %{obsoletes_version}                                      \
 Summary: QEMU is a machine emulator and virtualizer
 Name: %{pkgname}%{?pkgsuffix}
 Version: 1.5.3
-Release: 160%{?dist}
+Release: 160%{?dist}.1
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 Epoch: 10
 License: GPLv2 and GPLv2+ and CC-BY
@@ -3939,6 +3939,8 @@ Patch1940: kvm-ide-support-reporting-of-rotation-rate.patch
 Patch1941: kvm-ide-avoid-referencing-NULL-dev-in-rotational-rate-se.patch
 # For bz#1586253 - CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.6]
 Patch1942: kvm-slirp-Correct-size-check-in-m_inc.patch
+# For bz#1664792 - mode="host-model" VMs include broken "arch-facilities" flag name [qemu-kvm] [rhel-7.6.z]
+Patch1943: kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch
 
 
 BuildRequires: zlib-devel
@@ -6059,6 +6061,7 @@ tar -xf %{SOURCE21}
 %patch1940 -p1
 %patch1941 -p1
 %patch1942 -p1
+%patch1943 -p1
 
 %build
 buildarch="%{kvm_target}-softmmu"
@@ -6504,6 +6507,11 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
 %{_mandir}/man8/qemu-nbd.8*
 
 %changelog
+* Mon Jan 14 2019 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-160.el7_6.1
+- kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch [bz#1664792]
+- Resolves: bz#1664792
+  (mode="host-model" VMs include broken "arch-facilities" flag name [qemu-kvm] [rhel-7.6.z])
+
 * Mon Aug 20 2018 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-160.el7
 - kvm-scsi-disk-support-reporting-of-rotation-rate.patch [bz#1583807]
 - kvm-ide-support-reporting-of-rotation-rate.patch [bz#1583807]