diff --git a/quantum/db/securitygroups_db.py b/quantum/db/securitygroups_db.py
index f54ba9ad4a..f5cd11e15c 100644
--- a/quantum/db/securitygroups_db.py
+++ b/quantum/db/securitygroups_db.py
@@ -136,7 +136,14 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
 
     def get_security_groups(self, context, filters=None, fields=None,
                             sorts=None, limit=None,
-                            marker=None, page_reverse=False):
+                            marker=None, page_reverse=False, default_sg=False):
+
+        # If default_sg is True do not call _ensure_default_security_group()
+        # so this can be done recursively. Context.tenant_id is checked
+        # because all the unit tests do not explicitly set the context on
+        # GETS. TODO(arosen)  context handling can probably be improved here.
+        if not default_sg and context.tenant_id:
+            self._ensure_default_security_group(context, context.tenant_id)
         marker_obj = self._get_marker_obj(context, 'security_group', limit,
                                           marker)
         return self._get_collection(context,
@@ -423,7 +430,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
         :returns: the default security group id.
         """
         filters = {'name': ['default'], 'tenant_id': [tenant_id]}
-        default_group = self.get_security_groups(context, filters)
+        default_group = self.get_security_groups(context, filters,
+                                                 default_sg=True)
         if not default_group:
             security_group = {'security_group': {'name': 'default',
                                                  'tenant_id': tenant_id,
diff --git a/quantum/plugins/midonet/plugin.py b/quantum/plugins/midonet/plugin.py
index e9656c273d..2c158f2b02 100644
--- a/quantum/plugins/midonet/plugin.py
+++ b/quantum/plugins/midonet/plugin.py
@@ -1032,12 +1032,13 @@ class MidonetPluginV2(db_base_plugin_v2.QuantumDbPluginV2,
             return super(MidonetPluginV2, self).delete_security_group(
                 context, id)
 
-    def get_security_groups(self, context, filters=None, fields=None):
+    def get_security_groups(self, context, filters=None, fields=None,
+                            default_sg=False):
         LOG.debug(_("MidonetPluginV2.get_security_groups called: "
                     "filters=%(filters)r fields=%(fields)r"),
                   {'filters': filters, 'fields': fields})
         return super(MidonetPluginV2, self).get_security_groups(
-            context, filters, fields)
+            context, filters, fields, default_sg=default_sg)
 
     def get_security_group(self, context, id, fields=None, tenant_id=None):
         LOG.debug(_("MidonetPluginV2.get_security_group called: id=%(id)s "
diff --git a/quantum/tests/unit/test_extension_security_group.py b/quantum/tests/unit/test_extension_security_group.py
index cbff55f022..6f627310a2 100644
--- a/quantum/tests/unit/test_extension_security_group.py
+++ b/quantum/tests/unit/test_extension_security_group.py
@@ -445,6 +445,12 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
             self._delete('security-groups', sg['security_groups'][0]['id'],
                          409, quantum_context=quantum_context)
 
+    def test_security_group_list_creates_default_security_group(self):
+        quantum_context = context.Context('', 'test-tenant')
+        sg = self._list('security-groups',
+                        quantum_context=quantum_context).get('security_groups')
+        self.assertEqual(len(sg), 1)
+
     def test_default_security_group_rules(self):
         with self.network():
             res = self.new_list_request('security-groups')