Securely erase files cached in memory (dm_crypt)



I'm setting up a dm_crypt/LUKS volume and I want to make sure that
when the volume is suspended/closed, all the decrypted data is
securely removed from memory.

If I understand dm_crypt correctly, all data on the harddisk is
encrypted, but pages will be decrypted into RAM on demand. The manpage
for cryptsetup specifies that luksSuspend wipes the encryption key
from the kernel, but doesn't say anything about data that's already
been decrypted. Is this all taken care of by dm_crypt, or do I need to
be proactive about removing it, and if so, how? Also, do I need to
worry about decrypte blocks being put in swap space?

Thanks,
-Brian
.