Linux Kernel 5.18.16 is released with MACsec improvements

This kernel update contains a good number of fixes for the MACsec security framework.

MACsec, or IEEE 802.1AE in the world of standards, is a security layer that operates at the Media Access Control layer and aims to provide confidentiality, integrity and authenticity. Although the standard does not directly mention Ethernet, in practice it protects our Ethernet frames, using a frame format similar to Ethernet's that includes certain additional fields.

In the Linux kernel, MACsec is implemented entirely in a single file, drivers/net/macsec.c. It won't be a surprise that MACsec is controlled via the Netlink protocol, like a multitude of other things in the Linux kernel.

The authors of the standard did a good job in selecting the cipher suites used in MACsec, specifically AES-GCM-128 (which is the default), AES-GCM-256, AES-GCM-128-XPN and AES-GCM-256-XPN. They all belong to the AEAD class of ciphers, providing both encryption and authentication, which is a very good thing. These ciphers are used directly from the kernel crypto framework.
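To make the "additional fields" and the AEAD inputs concrete, here is an added example (not code from the kernel or from this article) that parses a MACsec frame's SecTAG and derives the GCM IV and authenticated-only bytes for the non-XPN suites. The field layout and validity checks follow IEEE 802.1AE rather than anything stated on this page; the function and class names are hypothetical, the sample frame is constructed, and a 16-byte ICV is assumed.

```python
import struct
from dataclasses import dataclass
from typing import Optional

ETH_P_MACSEC = 0x88E5                      # EtherType that introduces the SecTAG
TCI_VERSION, TCI_ES, TCI_SC, TCI_SCB, TCI_E = 0x80, 0x40, 0x20, 0x10, 0x08
AN_MASK = 0x03

@dataclass
class MacsecFrame:
    an: int                  # association number: which SA (key) protects the frame
    pn: int                  # packet number: replay counter and part of the GCM IV
    sci: Optional[bytes]     # 8-byte secure channel identifier, None if not derivable
    encrypted: bool          # E bit: secure data is ciphertext, not just authenticated
    aad: bytes               # bytes covered by the ICV but sent in the clear
    secure_data: bytes
    icv: bytes

    def gcm_iv(self) -> Optional[bytes]:
        """96-bit IV for the non-XPN suites: SCI followed by the 32-bit PN."""
        return None if self.sci is None else self.sci + struct.pack("!I", self.pn)

def parse_macsec(frame: bytes, icv_len: int = 16) -> MacsecFrame:
    if len(frame) < 20 + icv_len:
        raise ValueError("too short for Ethernet addresses, SecTAG and ICV")
    src = frame[6:12]
    ethertype, tci_an, _short_len, pn = struct.unpack("!HBBI", frame[12:20])
    if ethertype != ETH_P_MACSEC:
        raise ValueError("not a MACsec frame")
    if tci_an & TCI_VERSION:
        raise ValueError("unknown SecTAG version")
    if tci_an & TCI_SC and tci_an & (TCI_ES | TCI_SCB):
        raise ValueError("SC bit cannot be combined with ES or SCB")
    if pn == 0:
        raise ValueError("packet number 0 is never valid without XPN")
    end_tag, sci = 20, None
    if tci_an & TCI_SC:                     # explicit SCI follows the PN
        end_tag = 28
        if len(frame) < end_tag + icv_len:
            raise ValueError("truncated SCI")
        sci = frame[20:28]
    elif tci_an & TCI_ES:                   # implicit SCI: source MAC plus port 1
        sci = src + b"\x00\x01"
    body_end = len(frame) - icv_len
    encrypted = bool(tci_an & TCI_E)
    aad = frame[:end_tag] if encrypted else frame[:body_end]
    data = frame[end_tag:body_end]
    return MacsecFrame(tci_an & AN_MASK, pn, sci, encrypted, aad, data, frame[body_end:])

# Constructed sample: SC|E|C set, AN 0, PN 1, 48 filler bytes of "ciphertext", dummy ICV.
SAMPLE = bytes.fromhex("020000000002" "020000000001" "88e5" "2c" "00" "00000001"
                       "0200000000010001") + bytes(range(48)) + b"\xaa" * 16
```

Because the IV is just SCI plus PN, a packet number must never repeat under one key, which is why the PN doubles as the replay counter.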

Additionally, the Linux MACsec implementation supports offloading at the MAC and PHY layers to the device drivers, which in turn offload the work to the hardware. The devices for which Linux supports MACsec hardware offload are "aQuantia" 10G Ethernet cards and "Microsemi" VSC85xx-based cards.

Useful Links